Jan 4th, 2011, 05:51 AM
Multiple problems with init() methods and protect-pointcut (proxies).
I'm adding authorization (method security) to a pre-existent spring project, but I'm facing different problems when trying to use global-method-security's protect-pointcut.
The project itself works fine without authorization. It uses CXF, Jax:WS endpoints, and spring-ws. I managed to wire the WSS4J interceptors' X509 certificates to a PreAuthenticatedToken and credentials are loaded from a user list. Everything is fine.
Problems arise when trying to use protect-pointcut. I can get as far as adding a <global-method-security/> line to the security configuration, but not farther.
Here is what I've tried so far:
JDK proxies: If I add the "protect-pointcut" line, I get a BeanCreationException caused by an IllegalArgumentException while invoking the service's "init()" method. I couldn't get rid of this exception. I was able to trace it up to sun.reflect.DelegatingMethodAccessorImpl.invoke(), which is called with the a reference to the proper method (the init() method in the service) and a org.springframework.aop.framework.JdkDynamicAopPro xy as the object on which to invoke it. Afterwards, it goes into the native invoke0() method and throws the exception.
CGILIB proxies: Adding a <aop:aspectj-autoproxy proxy-target-class="true"/> line in the security configuration allows the beans to be created with no exception (works around the previous problem). The protect-pointcut even works fine when the method is called by an unauthorized principal (access is denied), but I learned that it is because the init() method of the service is never executed (then fields are not populated, and the service throws NPEs).
What could be the reason for these problems?, any ideas on how to fix it?, or work around it?.
I'm not being able to debug much, because of the use of proxies.
I am running out of ideas, and I've been searching the web for a solution for days with no luck. I would be happy to use any of the proxies, as long as it works.
All help will be deeply appreciated.
Thanks in advance.
P.D: I'm using spring 2.5.6, spring-security 2.0.5.RELEASE, CXF 2.2.12, spring-ws 1.5.9. Thanks.
Tags for this Thread