[
https://issues.apache.org/jira/browse/ARIES-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Christian Schneider resolved ARIES-1316.
----------------------------------------
Resolution: Fixed
I was able to reproduce the problem. The reason is that a proxy is involved
when calling the service. So the method m.getDeclaringClass is the interface
not the bean impl.
I solved the problem by giving the bean class to the interceptor using a
constructor. Then I look up the interface method in the bean class and retrieve
the runtime annotation from there.
So now the annotations are only taken from the impl class.
This is not ideal though. A user might want to define a security annotation
also at an interface. So I think the correct way to handle this would be to
parse the inheritance graph including implemented interfaces at parse time and
store the effective annotation per method in a map. So at runtime we could
simply do a fast lookup. I will create a separate issue for this.
> Problem with intercepting authorizing annotations of a class declared as an
> interface
> -------------------------------------------------------------------------------------
>
> Key: ARIES-1316
> URL: https://issues.apache.org/jira/browse/ARIES-1316
> Project: Aries
> Issue Type: Bug
> Components: Blueprint
> Affects Versions: blueprint-authz-1.0.0
> Reporter: Pavel Alekhin
> Assignee: Christian Schneider
> Priority: Minor
> Attachments: command.zip, properties.zip
>
>
> Using of interface variable causes empty roles' list error {color:red}Method
> call interface EchoService.echo denied. Roles allowed are []{color}, when
> interface doesn't have method authorizing annotations, while implementing
> class has.
> Code example:
> {code:title=EchoService.java|borderStyle=solid}
> public interface EchoService {
> //@RolesAllowed("admin")
> public String echo(String message);
> }
> {code}
> {code:title=SimpleEchoService.java|borderStyle=solid}
> public class SimpleEchoService implements EchoService {
> @RolesAllowed("admin")
> @Override
> public String echo(String message) {
> return message;
> }
> }
> {code}
> {code:title=EchoCommand.java|borderStyle=solid}
> @Command(scope = "kb", name = "echo")
> public class EchoCommand extends OsgiCommandSupport {
> private EchoService echoService;
> public EchoService getEchoService() {
> return echoService;
> }
> public void setEchoService(EchoService echoService) {
> this.echoService = echoService;
> }
> @Argument(index = 0, name = "message", required = true, multiValued =
> false)
> private String message;
> @Override
> protected Object doExecute() throws Exception {
> return echoService.echo(message);
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
