On Wed, 2004-02-04 at 15:47, Scott M Stark wrote: > Ok, there appear to be many dependencies on the server module, > many coming from CachedConnectionInterceptor, others from the > org/jboss/resource/adapter/jdbc/remote stuff I just addes due > to naming and invoker stuff. We need to cleanup the server module. > > The naming stuff should be in common.
You mean org.jboss.naming in server? > > The interceptor/invoker/proxy stuff needs to be unified across the jmx, > aop, and server modules. Let's get this discussion going as this > needs to be resolved now. I think the best model is provided by Bill's aop interceptors. The fundamental idea is that the interceptor makes no assumptions about what it is intercepting. It simply asks the metadata object. The metadata object can be configured according to whatever joinpoints are relevent. i.e. field/method/constructor, jmx attribute/operation or it could even be a url if it were applied to servlets. The deployer, container or invocation sets up the relevent metadata model. It is actually a hierarchy of metadata providers, e.g. invocation, container, vm, cluster You'll notice one outstanding issue is the REVISIT on how to get a human readable string that represents the joinpoint for error messages. e.g. public final class RoleBasedAuthorizationInterceptor implements org.jboss.aop.advice.Interceptor { protected Logger log = Logger.getLogger(this.getClass()); public String getName() { return "RoleBasedAuthorizationInterceptor"; } /** * Check if the principal is authorized to call the method by verifying that * the it containes at least one of the required roles. */ public Object invoke(org.jboss.aop.joinpoint.Invocation invocation) throws Throwable { AuthenticationManager securityManager = (AuthenticationManager)invocation.getMetaData("security", "authentication-manager"); // If there is not a security manager then there is no authorization // required if(securityManager == null) { return invocation.invokeNext(); } RealmMapping realmMapping = (RealmMapping)invocation.getMetaData("security", "realm-mapping"); if(realmMapping == null) { throw new SecurityException("Role mapping manager has not been set"); } Set roles = (Set)invocation.getMetaData("security", "roles"); if(roles == null) { /* REVISIT: for better message String message = "No method permissions assigned. to " + "method=" + invocation.getMethod().getName() + ", interface=" + invocation.getType(); */ String message = "No method permissions assigned."; log.error(message); throw new SecurityException(message); } // See if there is a runAs role associated with this thread. If there // is, this is the security role against which the assigned method // permissions must be checked. Principal threadRunAsRole = SecurityAssociation.peekRunAsRole(); if(threadRunAsRole != null) { // Check the runAs role if(!roles.contains(threadRunAsRole) && !roles.contains(AnybodyPrincipal.ANYBODY_PRINCIPAL)) { String message = "Insufficient method permissions" + ", runAsRole=" + threadRunAsRole + /* revisit: ", method=" + invocation.getMethod().getName() + */ ", interface=" + invocation.getType() + ", requiredRoles=" + roles; // Dain: I think this is redundant logging log.error(message); throw new SecurityException(message); } } // If the method has no assigned roles or the user does not have at // least one of the roles then access is denied. else { Principal principal = (Principal)invocation.getMetaData("security", "principal"); if(!realmMapping.doesUserHaveRole(principal, roles)) { String message = "Insufficient method permissions" + ", principal=" + principal + /* REVISIT: ", method=" + invocation.getMethod().getName() + */ ", interface=" + invocation.getType() + ", requiredRoles=" + roles + ", principalRoles=" + realmMapping.getUserRoles(principal); log.error(message); throw new SecurityException(message); } } return invocation.invokeNext(); } } Regards, Adrian > > > > xxxxxxxxxxxxxxxxxxxxxxxx > Scott Stark > Chief Technology Officer > JBoss Group, LLC > xxxxxxxxxxxxxxxxxxxxxxxx > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Alexey Loubyansky > Sent: Wednesday, February 04, 2004 6:34 AM > To: [EMAIL PROTECTED] > Subject: RE: [JBoss-dev] Bad cross module dependency > > Because the server is compiled before the connector and JCA's > WrappedStatement can't be used in CMP. > > > > ------------------------------------------------------- > The SF.Net email is sponsored by EclipseCon 2004 > Premiere Conference on Open Tools Development and Integration > See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. > http://www.eclipsecon.org/osdn > _______________________________________________ > JBoss-Development mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/jboss-development -- xxxxxxxxxxxxxxxxxxxxxxxx Adrian Brock Director of Support Back Office JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development