Announcement Announcement Module
Collapse
No announcement yet.
Securing methods from a superclass Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Securing methods from a superclass

    In my business layer I have a superclass and two superinterfaces as follow:

    interface -> IQueryService (provides methods for query);
    interface -> ICRUDService (extends IQueryService and provides methods for persistence like insert, update and delete);
    super class -> CRUDServiceImpl (implements all methods of IQueryService and ICRUDService);

    All my service beans extend CRUDServiceImpl but implement either IQueryService or ICRUDService exposing only query or complete crud methods.

    These interfaces and class are defined using generics, so when I want a business bean for Account that provides crud:

    @Transactional
    @Service
    public class AccountService extends CRUDServiceImpl<Account> implements IAccountService{
    }

    public interface IAccountService extends ICRUDService<Account>{
    }

    This works fine, so far.
    Now I started introducing authorization and then ... headaches.

    I tried "overriding" the super interfaces methods like:

    public interface IAccountService extends ICRUDService<Account>{

    @Secured("ACCOUNTANT")
    public void insert(Account account); //this method exists in ICRUDService
    }

    It doesn't work. The method never gets secured.

    This doesn't work either:

    <protect-pointcut expression="execution(* IAccountService.insert(..))" access="ACCOUNTANT"/>

    I wished it worked:

    <protect-pointcut expression="execution(* AccountService.insert(..))" access="ACCOUNTANT"/>


    This works, but secure wrongly any other class that extends ICRUDServiceImpl:

    <protect-pointcut expression="execution(* ICRUDServiceImpl.insert(..))" access="ACCOUNTANT"/>

    So I gave up on all strategies above and figured out this solution:

    @Transactional
    @Service
    public class AccountService extends CRUDServiceImpl<Account> implements IAccountService{
    @Secured("ACCOUNTANT")
    public void insert(Account account){
    super.insert(account);
    }
    }

    But I'm still no satisfied, since I have to override every method already exiting in the superclass just because the security issue. Moreover, superclasses are meant to code reusing by coding less, so it doesn't make sense.

    Any idea?

    Thanks in advance.
Working...
X