
  • [Method Security] capture pre-post-annotation magic and redirect it

    Dear members of the Spring community,

    I'm interested in applying pre-post-annotations method security in an OSGi application composed of different bundles.

    However, I don't see how I can capture the result of different bundles' pre-post-annotations processing and pass it to a particular MethodSecurityInterceptor.

    So here come the questions:
    - Is there a way to capture such pre-post-annotations generated MethodDefinitionSource bean? Or maybe declare it for annotations to populate it when annotated beans are declared?
    - Would the use of this MethodDefinitionSource suffice for interception to happen?
    - Alternatively, does anybody know an alternative solution for the exposed problem?

    Many thanks in advance,
    Isart


    Context:
    I'm involved in securing an OSGi-based application, where several bundles expose their API through web services. Due to the nature of the security requirements of the application, we are using Spring URL filters to filter access based on roles, which works pretty fine. We declare our custom filterChain in the security bundle and expose it as an OSGi service, which is then used as a filter in every other bundle's registered web service.

    However, we are now to introduce ACLs for more fine-grained security requirements of the type:
    "I want to restrict access by allowing only users (principals) having read permission on the method returned object".

    I've been able to configure the AclService with its required beans structure.
    The problem comes on the wiring with method invocations.

    Pre-post annotations work well when beans of annotated classes are registered in the same Spring context the security is in. But as far as I understood, it has nothing to do when beans are declared in other contexts.
    (The annotation weaver, or any other, will not extend further than the Spring context it is declared in; it would not parse beans declared in other contexts.)

    So we find ourselves with no method interception.


    I think one can use a different weaver in each bundle to make pre-post-annotations magic work. (If I understood well, it populates a MethodDefinitionSource among many other things. I must say I have little knowledge about how AspectJ comes into play, which may invalidate my solution, maybe due to AspectJ weaver restrictions.)
    But we need, then, a way to link per-bundle generated MethodDefinitionSource metadata to the single MethodSecurityInterceptor declared in the security spring context. I should be able to do that once having a reference to the MethodDefinitionSource.

    So here come the questions:
    - Is there a way to capture such MethodDefinitionSource bean? Or maybe declare it for annotations to populate it when annotated beans are declared?
    - Would the use of this MethodDefinitionSource suffice for interception to happen?
    - Alternatively, does anybody know an alternative solution for the exposed problem?

    Many thanks in advance,

    Isart