Announcement Announcement Module
Collapse
No announcement yet.
Acegi with Spring 2.0 aop config? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Acegi with Spring 2.0 aop config?

    I am currently using Spring 2.0 with the <aop:aspectj-autoproxy> and <tx:annotation-driven> transactions. I have been able to get acegi method interception working by using an old style autoproxy creator and designating individual beans, however I'd like to get this working in the 2.0 style by recognizing the annotation.

    I do not see a way to use the acegi AOP Alliance method interceptor with the Spring 2.0 aspectj pointcuts. I am thinking that I may have to create my own aspectj style aspect that delegates to the acegi method interceptor. I'd really hate to have to do that... I'd prefer to stay as close to standard as possible.

    Can anyone tell me if there is a way to configure the acegi method interceptor in an cooperative way with Spring 2.0?


    thanks,
    Pat Niemeyer
    author of Learning Java, O'Reilly & Associates

  • #2
    We have it working with the normal pointcuts. Can you please elaborate more on your problem?

    Code:
    <aop:config proxy-target-class="false">
    	<aop:pointcut id="serviceOperation" expression="execution(* com.ourcompany..*ServiceImpl.*(..))" />
    	<aop:advisor pointcut-ref="serviceOperation" advice-ref="methodSecurity" id="security" order="1"/>		
    	<aop:advisor pointcut-ref="serviceOperation" advice-ref="txAdvice" id="transactions" order="2"/>				
    	<aop:advisor pointcut-ref="serviceOperation" advice-ref="logging" id="performanceLogger" order="3"/>
    </aop:config>
    This is our AOP config and methodSecurity being the MethodSecurityInterceptor from Acegi. We are using Acegi 1.0.3 and Spring 2.0.1.

    Oops, just reread your post and see that you want to have it working with annotations. I guess I need another mug of coffee .
    Last edited by Marten Deinum; Jan 3rd, 2007, 02:28 AM.

    Comment


    • #3
      Well, actually this looks promising. Is your logging component an aspectj advisor or an AOPAlliance method interceptor?


      Pat

      Comment


      • #4
        Our logging component (well our) is the Spring provided PerformanceMonitorInterceptor which is a AOPAlliance method interceptor.

        Comment


        • #5
          Ah. Yes, my problem seems to be in how to mix the two. I think the docs explicitly warn not to mix the aspectj-autoproxy and the explicit aop config...


          thanks,
          Pat

          Comment


          • #6
            So, to recap - If I try to mix the old style acegi method interceptor / autoproxy bean factory with the new style declarative transactions and aspectj autoproxy things don't work. They work individually, but any bean that has a transaction on it doesn't get the method security, etc. They don't seem to mix well.

            So I'm going to try resorting to making my own advice that delegates to the acegi method security interceptor... Ug. That means subclassing the method interceptor because its methods are protected. Ug again.


            Pat

            Comment


            • #7
              The solution...

              The solution that I eventually found was to go ahead and write a Spring 2.0 aspecj style aspect that implements the Acegi AbstractSecurityInterceptor. The pointcut refers to the @Secured annotation so that it gets picked up in any bean just like @Transactional does now. This was actually very straightforward and I was reassured by the fact that the existing MethodSecurityInterceptor is a pretty simple extension of the AbstractSecurityInterceptor as well. The only other component needed was was an ObjectDefinitionSource that would read the config attributes directly from the annotation since you don't get access to the Method itself.

              I'm guessing that this will be obsoleted by something when Acegi is actually updated for Spring 2.0... but it's a pretty clean solution for now.


              Pat

              Comment


              • #8
                You could create a JIRA issue and post your solution there, it might get picked up to be used in the core or by other developers.

                Comment


                • #9
                  Pat,
                  I'm running into the same problem. I am already using Spring's transaction annotations, and I want to start using Acegi's security annotations in the same class. Would you be willing to share your code?

                  Adam

                  Comment


                  • #10
                    I'm just wondering if there has been any progress on this front (updating Acegi for Spring 2.x). Unfortunately the work I did was for a closed project, so in order to contribute it I'd have to reproduce it. I would be happy to do this if it will be helpful, but it seems obvious that someone in the acegi group must be working on this.

                    Please let me know if help is needed in this area.

                    thanks,
                    Pat Niemeyer

                    Comment


                    • #11
                      Help is definitely needed :-)

                      I am having the same problem. I have annotations working for transactions, but having a problem with BeanNameAutoProxyCreator for Acegi

                      Any help would be greatly appreciated.

                      Comment


                      • #12
                        This thread is about a year old, but I (for one) am still grappling with this issue in Spring 2.5. My project has two existing aspects:
                        1. Transactions via <tx:annotation-driven>
                        2. A validation aspect developed in-house, which gets hooked in via <aop:aspectj-autoproxy>
                        Now I'm tasked with adding method security to our existing Acegi configuration, but I can't seem to get the security advice working at the same time as the other two. Unfortunately, upgrading to Spring Security 2.x is not an option right now, so I can't use the <sec:global-method-security> element.

                        So like you, Pat, I think I need to build a @AspectJ bridge to the security interceptor. If you can't post code, would you mind going into a little more detail on your approach? Hate to reinvent the wheel. Thanks!

                        Comment


                        • #13
                          Finally got it working, based on an @AspectJ example given in this thread:

                          http://forum.springframework.org/showthread.php?t=42160

                          I also needed to reorder the bean definitions of my aspects in the Spring configuration file because one of them (our in-house validation aspect) depends on a business object that needs to be proxied. Spring was complaining about injecting the unwrapped business object into the validation aspect bean until I placed it after the others.

                          Comment

                          Working...
                          X