Dan, Well, I'm embarrassed to say that I have not read up on spring security. I've heard the word and that's about it. My ignorance is mostly due to a lack of time, since I have to develop everything from front to back (UI, graphics, Adobe Flex, Spring/CXF web services, DB development, etc.) Life used to be so simple in the procedural language days. :)
Thanks, Dan. Sounds like the way to go. I'll delve into that. I appreciate you saving me from a misguided idea. Ron -----Original Message----- From: Daniel Kulp [mailto:[email protected]] Sent: Thursday, May 14, 2009 1:39 PM To: [email protected] Cc: Ron Grimes Subject: Re: AOP Pointcuts Two thoughts: 1) Doesn't spring security already do some of this? :-) 2) It really shouldn't affect operation of the databindings at all. By the time you would get to the aop points, the execution of the databindings will have long been complete. The objects would be there already. Dan On Thu May 14 2009 3:22:02 pm Ron Grimes wrote: > So, my latest brainstorm is to modify my web service structure to take > advantage of AOP point cuts. But, I would like some opinions as to the > wisdom of doing this (is this the best approach). My plan is to wire > in an "around advice" that would strip out the authentication tokens > (stuff like user Id, password, session Id), authenticate it and, if it > all passes, modify the parameter list to include the passed-in parm > list (minus the authentication tokens), and let the service class > method execute. My thinking is that it will reduce coding every > service operation/method to check the credentials. > > But, before heading down that road, I wonder if anyone here has done > this. I'm concerned if it will execute the point cut before it tries > to perform the Aegis databinding or in any other way interfer with the > jaxws jaxb operations. > > Thanks for any tips you can give. > > Ron Grimes -- Daniel Kulp [email protected] http://www.dankulp.com/blog
