This is actually how the Spring AOP support works - any @Requires*
check occurs in around advice to verify if the method is allowed to
continue or not.
The difficulty here, and I think is what Al is getting at, is how to
give the AOP check context on how to execute the check.
For @RequiresRoles, this is not really an issue since Role names are
hardcoded. But the devs have talked about doing something like this
for Permission checks (this doesn't exist yet - just brainstorming
stage):
@RequiresPermissions("user:update:{0.id}")
public void update(User toUpdate) {
...
}
Where {0.id} is an expression that says "get the id property (getId())
from the method argument at index 0, append it to the permission
string, and use that constructed string for the runtime check". Or
something like that - this is all up in the air at the moment.
And I do agree with JC's points of keeping permission checks in
implementation classes. Loose coupling, high cohesion, etc.
Cheers,
Les
On Mon, Feb 22, 2010 at 10:35 AM, Jean-Cédric Desrochers
<[email protected]> wrote:
> We do not use Spring hre... so I took the time to integrate Shiro with
> AspectJ (the code is in the trunk). The way I did it was to add an advice
> before each method call. That way each invocation made in the class hierarchy
> is validated against the current context and the annotations found. I'm sure
> there might be a way to do the same to the Spring integration.
>
> J-C
>
> On 22-Feb-2010, at 10:29, aloleary wrote:
>
>>
>> I initially had some issues getting Shiro annotations to work on impl classes
>> (Using Shiro+Spring) I will re-visit as I agree that not having them on
>> Interface is a good thing - maybe this issues is now resolved - it has been
>> some time since I did this.
>>
>> However I guess my question is more w.r.t. a Generic Impl. class - how to
>> ask Shiro the 'right' question for the class that exists only at runtime
>> after Type Erasure.
>>
>> --
>> View this message in context:
>> http://n2.nabble.com/Security-on-Generic-interfaces-tp4607155p4612727.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
>
>
