Announcement Announcement Module
Collapse
No announcement yet.
Roo Security, Best Practice and ContextHolderStrategy Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Roo Security, Best Practice and ContextHolderStrategy

    Roo Security, Best Practice and ContextHolderStrategy

    I am currenty working on a "Best Practice" Roo app focusing on use of Roo Security.

    I have these questions on the technical material presented below.

    1) Is my claim as to 'best practice' correct?
    2) Is there a better way (more Roo like) ways of generating the setter?
    3) Anything else in this area I have missed here, espically related to ROO best pracitce?

    --------

    Once a user clicks the "submit" button on a Roo generated form the processing will normally then end up calling a function in the "Controler". In this function the standard way of finding the user context (the logged in user, if any) is to call
    Code:
    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    However this is very "un spring like" in that it creates an dependency.
    The 'dependency injection' way is to instead call
    Code:
    Object principal = securityContextHolderStrategy.getContext().getAuthentication().getPrincipal();
    Where securityContextHolderStrategy and its setter are defined in the Controller Class as
    Code:
        private static SecurityContextHolderStrategy securityContextHolderStrategy;
        
        public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy s) {
            securityContextHolderStrategy = s;
        }
    And the bean that sets the value goes in applicationContext-security.xml and looks like

    Code:
        <beans:bean id="somePOJOid_NotDireclyRefferenced" class="net.????.ControlerName">
            <beans:property name="securityContextHolderStrategy" >
                <beans:bean class="org.springframework.security.core.context.SecurityContextHolder"
                    factory-method="getContextHolderStrategy">
                </beans:bean>
            </beans:property> 
        </beans:bean>
    I am not asking if this works (I know it works). What I want to know is, - Is this the best, "most ROO approved" way of doing this?

    --
    Roger

  • #2
    Instead of this code:
    Code:
    private static SecurityContextHolderStrategy securityContextHolderStrategy;
    
    public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy s) {
        securityContextHolderStrategy = s;
    }
    ... I think this would be more Spring[Roo]-like (assuming it works, I haven't tested it):

    Code:
    @Autowired private SecurityContextHolderStrategy securityContextHolderStrategy;

    Comment


    • #3
      Thank you for the feedback Andrew.

      I tried but could not get the @Autowired to work. As per your example I needed to remove the "static" but even then it would not generate the setter and complained about not being able to find the bean. I guess it is best described as - "feature not implemented in this context". Not in anyway a problem.

      Comment

      Working...
      X