Results 1 to 3 of 3

Thread: Using @annotation with Spring Security Annotations

  1. Jun 29th, 2011, 10:02 PM #1
    zach.marshall
    zach.marshall is offline Junior Member
    Join Date
    Aug 2010
    Posts
    3

    Default Using @annotation with Spring Security Annotations

    I have a service interface that has a method that looks like the following:

    Code:
    package com.foo.svcs;

public interface FooService {
   @PreAuthorize("ROLE_USER")
   @com.foo.svcs.CustomAnnotation
   public void doSomething();
}
    My Spring application context xml configuration file looks partially like:

    HTML Code:
    <bean id="foo" class="com.foo.svcs.FooServiceImpl" />

<sec:global-method-security pre-post-annotations="enabled" access-decision-manager-ref="serviceAccessDecisionManager">
   <sec:expression-handler ref="expressionHandler"/>
</sec:global-method-security>

<aop:config>
   <aop:advisor pointcut="execution(* com.foo.svcs.*.*(..)) and @annotation(com.foo.svcs.CustomAnnotation)" advice-ref="aceCreator" />
</aop:config>
    I've found that when using the @annotation pointcut, my advice is not executed (even when removing the execution clause). However, if I do pointcut="bean(foo)" then my advice is executed. I am wondering if the proxies that are being created for the PrePost Spring Security annotation support are "hiding" my custom annotation on the service. Is that what's happening here, or is something else wrong?
    Reply With Quote Reply With Quote
  2. Jun 30th, 2011, 09:37 AM #2
    palbert
    palbert is offline Junior Member
    Join Date
    Jun 2011
    Location
    Colorado
    Posts
    1

    Default

    If you put your annotation on your FooServiceImpl class, your advice will most likely fire (unless something else is wrong). I had that same problem, since good programing practice says that the interface should have that information, not to mention that I would forget to put it on a MockFooService. I don't understand the logic for that decision, perhaps someone with a better understanding of the internals could explain.
    Reply With Quote Reply With Quote
  3. Jun 30th, 2011, 02:37 PM #3
    zach.marshall
    zach.marshall is offline Junior Member
    Join Date
    Aug 2010
    Posts
    3

    Default

    Thanks, that does indeed work. However, if I do that, then I cannot get to the annotation which is present on the class from my interceptor (which implements org.aopalliance.intercept.MethodInterceptor):

    Code:
    // invocation is instanceof org.aopalliance.intercept.MethodInvocation
com.foo.svcs.CustomAnnotation anno = invocation.getMethod().getAnnotation(com.foo.svcs.CustomAnnotation.class);
Assert.assertNotNull(anno); //this fails, as the annotation is not present on the method invocation
    Would switching to AspectJ aspects and advice allow me to capture that annotation when it is on the class?
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules