Announcement Announcement Module
Collapse
No announcement yet.
AOP for secure access to methods Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • AOP for secure access to methods

    I don't know the exact word for that, but I would like to know if Spring give some support to centralize security access to a method of a class.
    This security level should concern for example the identity of a user...for example:

    a user want to modify his own account. He will use a service bean like here:
    userService.save(user);

    and the security level should check if the current user can modify the bean "user" (probably only if the identifiers are equals).
    I can add some code in my userService.save method (something like an "if"... "else" etc...) or put the service class in an architecture made by me that help to separate the security operations from the application logic operations.
    Anyway I think AOP could do it much better, like AOP transaction does for transactions.
    Have Spring some support for that?

  • #2
    There's nothing built-in to do this, but just write your own interceptor that does this check (there are plenty of samples out their) or take a look ACEGI.

    Comment


    • #3
      I need the same context

      But wat i am checking is

      i want an intercept to a method which will insert

      code like

      isUserAccessible(resource,userName); //both the variables i know

      at the starting of a method which needs to be secured

      class ServiceTarget{

      fooTobeSecured()
      {
      //security check code above will come here....(it is successful)

      /*
      All secure information
      */

      }
      }


      I call this method in servlet


      class tDemo
      {

      ServiceTarget st=new ServiceTarget();

      String result=sd.foo(); //the method which needs to be secured


      }




      Will the TracingBeforeAdvisor do this ??

      Exactly wat i want to know is

      where will the code in my advisor be inserted?

      is like this
      /***********************************************/

      --->point cut (code in advice inserted here at run time)


      class demo{
      void foo{

      }

      }
      /*************************************************/

      or

      like this
      /************************************************** */

      class demo{

      void foo()
      {
      --->point cut((code in advice inserted here at run time))
      }


      }

















      thanks and regards,

      Chaitanya

      Comment


      • #4
        Code:
        ServiceTarget st=new ServiceTarget();
        String result=sd.foo(); //the method which needs to be secured
        The above (i.e. using the new construct) can be made secure using AspectJ. Using spring you need to obtain your ServiceTarget from Spring - usually using IoC. You then wrap you're ServiceTarget with a proxy an insert your interceptor. If you are using ACEGI maybe you should post to that forum topic.

        Comment

        Working...
        X