I'd like to see an alternate spring/xml based configuration made
available for those of use that loathe annotations.
perhaps an aop advice something akin to the usual spring tx advice
<shiro:advice id="shiroAdvice" >
<tx:attributes>
<tx:method name="write*" roles="owner etc"
permissions="a,b,c"/>
...
or some other xml based config option.
Cheers
Les Hazlewood wrote:
I'm CC'ing the dev list to try to keep these kinds of details from
chatting up the user list.
I think J-C's approach is definitely the way to go from an integration
standpoint. The AnnotationsAuthorizingMethodInterceptor exists
exactly for the reason that J-C subclassed it - to provide an easy
extension point for AspectJ and JBoss AOP (or any other AOP framework)
when the time came.
My personal preference would be to use this integration mechanism and
AspectJ in the standalone example app as Kalle suggested to have a
baseline AOP mechanism we can rely on in any environment, Spring or
not. For simplicity's sake, I would assume that runtime weaving is a
good (default) way to show AspectJ integration, but I think we should
probably also clearly show or document how to do compile-time weaving
if one wants to do that for enhanced performance.
I'm excited to see what comes of J-C's contributions. I also don't
have the AspectJ experience that either J-C or Kalle does, so I'm
looking forward to learning!
Cheers,
Les
On Mon, Jan 11, 2010 at 1:27 PM, Kalle Korhonen
<[email protected]> wrote:
Thanks J-C. Yeah, that's sort of what I thought. Creating aspects
isn't hard with AspectJ though it takes a while to get used to the
syntax and thinking. One size likely doesn't fit all, so at this point
my initial thinking is that we should make it an example first, then
see if we can generalize some parts of it. I don't want to force (or
even suggest as the primary option) compile-time weaving to standalone
projects (there are other ways to deal with annotations as well).
Runtime weaving on the other hand incurs relatively heavy costs on
memory consumption, which of course is more of a concern for desktop
apps. We are missing a good standalone application example anyway.
What do you think Les?
Kalle
On Mon, Jan 11, 2010 at 10:01 AM, Jean-Cédric Desrochers
<[email protected]> wrote:
Maybe my initial post was not clear, I was just curious to see if you guys
would be interested in the integration I'm doing. Let me shed some light on
that...
I have to integrate application-level security in our platform and Shiro
came across my search results. After looking at it, I found the perfect
little framework I needed: simple API for authentication, annotation based
authorization, realms to support known and/or custom datasources, stability
(jsecurity existed for a while)... I decided to start a proof of concept
project to integrate Shiro and to see how it goes (the devil is in the
details..). I soon realized that the "authorization based on annotation"
feature was not available to me as we are not using spring (which is a
must-have requirement for us). So what I've done here is a simple adaptation
between aspectj and the AnnotationsAuthorizingMethodInterceptor model that
already exists in Shiro. In details I have:
a pointcut that targets each method that is decorated by an annotation
define by Shiro
an advice that gets call before any "secured" method invocation
a piece of logic that adapts the aspectj JoinPoint class into a
Shiro MethodInvocation
and finally it delegates the authorizing task to the existing code of
the org.apache.shiro.authz.aop package
All this works well within eclipse (I'm halfway done) and I'm working on the
configuration required to run this adaptation using the aspectj load-time
weaver tool (for our own production deployment purposes).
What I'm proposing here is to donate the piece of code I'v done + the
configuration and documentation required to seamlessly integrate shiro and
aspectj for the purpose exposed here.
Hope this clarifies things.
Regards,
J-C
On 11-Jan-2010, at 11:25, Kalle Korhonen wrote:
I'm not quite sure what you are proposing, J-C, but I can look over it
and help creating the aspectj module (having heavily used aspectj
before). J-C, can you elaborate more on it, what's the generalized
concept here? I.e. how are you thinking on processing the annotations
yet make it extensible?
Kalle
On Mon, Jan 11, 2010 at 7:55 AM, Les Hazlewood <[email protected]>
wrote:
J-C,
If you contribute a patch, can you ensure that you create a new child
Maven module under the support directory? i.e. support/aspectj?
Thanks,
Les
On Mon, Jan 11, 2010 at 10:48 AM, Les Hazlewood <[email protected]>
wrote:
Hi J-C,
This is a big +1 from me. I would love if you could contribute this
back to Shiro, as it is something I've worried about for a while, but
haven't had the time to work on personally.
Could you please add what you've done in the form of a patch or .zip
attachment (or both if necessary) to a Jira issue? I'm very excited
to see what you've done!
Thanks for offering to help - it is much appreciated!
Best,
Les
P.S. Please join the dev list if you haven't already for any tech
discussions related to the submissions.
On Mon, Jan 11, 2010 at 10:03 AM, Jean-Cédric Desrochers
<[email protected]> wrote:
First of, I want to say that what you've done is great. I was looking for a
framework to help me setup security in our platform and Shiro is exactly
what I needed. It's a simple framework that do not pretend to perform
everything for you and (best of all) it's "embeddable" in any situation. It
does not provide built-in audits (which is a requirement I have), but I can
easily do that myself using the events generated by the framework.
In my case, the situation is not a web app and not a spring container. We
want to perform authorization based on annotations for seamless development
and integration. However I realized that it is not currently available for
me... only spring-aop can do this for now. I looked in the forums and I
found that I'm not the only one that want's to do that.
So I decided to jump in and do what it needed to use aspectj for what I
wanted to do (validating actions programmatically is not really an option
for me). I currently have a prototype working and I need to work on the
run-time now: integration of the compiler and/or the code weaving (in a
seamless manner). But nonetheless, I thing it could be a great addition to
Shiro. Would you guys be interested in a donation so that the community can
benefit???
Regards,
J-C
