Hi, I'm trying to secure a simple class (POJO) without annotations, using the prepackaged security aspect (org.jboss.aspects.security.SecurityClassMetaDataLoader). I'm using JBoss 4.0.5GA, JBoss AOP 1.5.0GA, JDK 1.5.0_09 and WindowsXP.
So far I've been able to run succesfully but only with annotations in the pojo, not by XML. The class goes like: package security; | | @SecurityDomain ("other") | public class TransferFunds { | | @Permissions ({"rolB"}) | public boolean withdrawAll(Long accountId){ | System.out.println("inside withdrawAll...:" + accountId); | return true; | } | | @Permissions ({"rolA"}) | public void deposit(Long sum){ | System.out.println("inside deposit...:" + sum); | } | } The security domain is "other", and the application works well (permission denied, etc) with annotations. Tweaked the -javaagent parameter and used: -javaagent:pluggable-instrumentor.jar, and in the jboss-service.xml (aop deployer) touched the parameters to: <mbean code="org.jboss.aop.deployment.AspectManagerServiceJDK5" | name="jboss.aop:service=AspectManager"> | <attribute name="EnableLoadtimeWeaving">true</attribute> | <attribute name="SuppressTransformationErrors">true</attribute> | <attribute name="Prune">true</attribute> | <attribute name="Include">security.,org.jboss.injbossaop</attribute> | <attribute name="Exclude">org.jboss.,org.apache.</attribute> | <attribute name="Optimized">true</attribute> | <attribute name="Verbose">false</attribute> | </mbean> But when I removed the annotations from the class and putted a new created file named "learning-aop.xml" in the [$JBOSS_HOME]default/deploy dir, nothing happens. The only message I received is: 11:42:12,366 INFO [AspectDeployer] Deployed AOP: file:/C:/JavaDev/jboss-4.0.5.GA/server/default/deploy/learning-aop.xml The content of learning-aop.xml is the following: <?xml version="1.0" encoding="UTF-8"?> | <!DOCTYPE aop PUBLIC | "-//JBoss//DTD JBOSS AOP 1.0//EN" | "http://www.jboss.org/aop/dtd/jboss-aop_1_0.dtd"> | | <aop> | <metadata-loader tag="security" class="org.jboss.aspects.security.SecurityClassMetaDataLoader" /> | <metadata tag="security" class="security.TransferFunds"> | <security-domain>java:/jaas/other</security-domain> | <run-as>admin</run-as> | <method-permission> | <role-name>rolB</role-name> | <method> | <method-name>withdrawAll</method-name> | </method> | </method-permission> | <method-permission> | <role-name>rolA</role-name> | <method> | <method-name>deposit</method-name> | </method> | </method-permission> | </metadata> | </aop> Don't know what's wrong, or what's missing. Annotations works well, but I need to declare the security outside the classes (imposed restriction). Thanks in advance. maxi.- View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4000990#4000990 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4000990 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user