UnknownAdviceTypeException: No adapter for Advice of class

[aaron8tang]

Hi, Ben

If I wanna call my protected business method in jsp code, do I have to use AspectJ (JoinPoint) Security Interceptor?

I've used AOP Alliance (MethodInvocation) Security Interceptor, it doesn't intercept my call, so I try an AspectJ interceptor according to your instruction in the reference document.

1.configure AspectJSecurityInterceptor in the Spring application context:

Code:

   <bean id="positionManagerSecurity" class="net.sf.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor">
      <property name="validateConfigAttributes"><value>true</value></property>
      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
      <property name="accessDecisionManager"><ref local="positionAccessDecisionManager"/></property>
      <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
      <property name="objectDefinitionSource">
         <value>
				com.xxx.jaidwapfactory.security.SecurityPositionManager.addPosition=ROLE_USER
				com.xxx.jaidwapfactory.security.SecurityPositionManager.removePosition=ACL_CONTACT_ADMIN
				com.xxx.jaidwapfactory.security.SecurityPositionManager.getPositions=AFTER_ACL_COLLECTION_READ
				com.xxx.jaidwapfactory.security.SecurityPositionManager.getPosition=AFTER_ACL_READ
         </value>
      </property>
   </bean>

2.define an AspectJ aspect:
I just change the pointcut expression from yours

Code:

package com.xxx.jaidwapfactory.security;

/**
 * @author cookman
 *  
 */
import net.sf.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor;
import net.sf.acegisecurity.intercept.method.aspectj.AspectJCallback;
import org.springframework.beans.factory.InitializingBean;

public aspect DomainObjectInstanceSecurityAspect implements InitializingBean {

    private AspectJSecurityInterceptor securityInterceptor;

    pointcut domainObjectInstanceExecution():  
             execution(public * com.xxx.jaidwapfactory.security.SecurityPositionManager+.*(..)) && !within(DomainObjectInstanceSecurityAspect);

    Object around(): domainObjectInstanceExecution() {
        if (this.securityInterceptor != null) {
            AspectJCallback callback = new AspectJCallback() {
                public Object proceedWithObject() {
                    return proceed();
                }
            };
            return this.securityInterceptor.invoke(thisJoinPoint, callback);
        } else {
            return proceed();
        }
    }

    public AspectJSecurityInterceptor getSecurityInterceptor() {
        return securityInterceptor;
    }

    public void setSecurityInterceptor(
            AspectJSecurityInterceptor securityInterceptor) {
        this.securityInterceptor = securityInterceptor;
    }

    public void afterPropertiesSet() throws Exception {
        if (this.securityInterceptor == null)
            throw new IllegalArgumentException("securityInterceptor required");
    }
}

3.configure Spring to load the aspect:

Code:

    <bean id="domainObjectInstanceSecurityAspect" 
        class="com.xxx.jaidwapfactory.security.DomainObjectInstanceSecurityAspect"
        factory-method="aspectOf">
      <property name="securityInterceptor"><ref bean="positionManagerSecurity"/></property>
    </bean>

4.compile source code with aspectj iajc ant task and deploy all

but I get the following error msg:

Code:

11:18:34,248 ERROR ContextLoader,Thread-1:114 - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'positionManager' defined in ServletContext resource [/WEB-INF/applicationContext-common-business.xml]: Initialization of bean failed; nested exception is org.springframework.aop.framework.AopConfigException: Unknown advisor type class net.sf.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor; Can only include Advisor or Advice type beans in interceptorNames chain except for last entry,which may also be target or TargetSource; nested exception is org.springframework.aop.framework.adapter.UnknownAdviceTypeException: No adapter for Advice of class [net.sf.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor]
org.springframework.aop.framework.AopConfigException: Unknown advisor type class net.sf.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor; Can only include Advisor or Advice type beans in interceptorNames chain except for last entry,which may also be target or TargetSource; nested exception is org.springframework.aop.framework.adapter.UnknownAdviceTypeException: No adapter for Advice of class [net.sf.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor]
org.springframework.aop.framework.adapter.UnknownAdviceTypeException: No adapter for Advice of class [net.sf.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor]
	at org.springframework.aop.framework.adapter.DefaultAdvisorAdapterRegistry.wrap(DefaultAdvisorAdapterRegistry.java:49)
	at org.springframework.aop.framework.ProxyFactoryBean.namedBeanToAdvisor(ProxyFactoryBean.java:454)
	at org.springframework.aop.framework.ProxyFactoryBean.addAdvisorOnChainCreation(ProxyFactoryBean.java:417)
	at org.springframework.aop.framework.ProxyFactoryBean.createAdvisorChain(ProxyFactoryBean.java:321)
	at org.springframework.aop.framework.ProxyFactoryBean.setBeanFactory(ProxyFactoryBean.java:193)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:271)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:193)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:240)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:163)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:230)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:304)
	at org.springframework.web.context.support.XmlWebApplicationContext.refresh(XmlWebApplicationContext.java:131)
	at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:167)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:101)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:48)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3631)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4065)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:755)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
	at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:886)
	at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:849)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:474)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1079)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1011)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1003)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:437)
	at org.apache.catalina.core.StandardService.start(StandardService.java:450)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:2010)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:537)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:585)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409)

[Ben Alex]

You only need AspectJ if your SecurityPositionManager is NOT coming from the Spring IoC container. If your SecurityPositonManager is coming from the Spring IoC container, you're far better off using MethodSecurityInterceptor with one of Spring's standard proxy factories.

I'll take a punt and assume SecurityPositionManager is coming from Spring IoC, in which case have you tried usiing MethodSecurityInterceptor with debug-level logging? If so, what is the output? Also, could you post your application context XML so I can see how you've configured it.

[aaron8tang]

Hi, Ben

I new a long post :roll:

http://forum.springframework.org/showthread.php?t=11804

I've tried using MethodSecurityInterceptor with debug-level logging and add some debug logging code. In your contacts example, it's ok. But in my own case ,nothing outputted :cry: .

output example of contacts application:

Code:

16:40:59,162 DEBUG MethodSecurityInterceptor:? - MethodInvocation=Invocation: method 'create', arguments [sample.contact.Contact@1f2f70a: Id: null; Name: dispatch2; Email: aarontang]; target is of class [sample.contact.ContactManagerBackend]method=create
....

[aaron8tang]

By the way, Ben, I fix two little bug, (wish i do the right thing )

1.JdbcDaoImpl.java

Code:

public static final String DEF_OBJECT_PROPERTIES_QUERY = "SELECT CHILD.ID, CHILD.OBJECT_IDENTITY, CHILD.ACL_CLASS, PARENT.OBJECT_IDENTITY as PARENT_OBJECT_IDENTITY FROM acl_object_identity as CHILD LEFT OUTER JOIN acl_object_identity as PARENT ON CHILD.parent_object=PARENT.id WHERE CHILD.object_identity = ?";//PARENT.id=CHILD.parent_object and

otherwise the id column is ambiguous. And when there is no object hierarchy, "where condition" PARENT.id=CHILD.parent_object always return null

2.HttpSessionIntegrationFilter

Code:

            if(((HttpServletRequest) request).isRequestedSessionIdValid()) {

	            HttpSession httpSession = ((HttpServletRequest) request).getSession();
	
	            if (httpSession != null) {
	                httpSession.setAttribute(ACEGI_SECURITY_AUTHENTICATION_KEY,
	                    authentication);
	                updateOtherLocations(httpSession, authentication);
	            }
            }

otherwise when logging off(I use tomcat 5.5.4), there is error msg like "cannot commit to container....response is close"

[Ben Alex]

Thanks Aaron, I've added both fixes to CVS.

[aaron8tang]

Ben,

Have you written or goning to write an AspectJ interceptor example/testcase?

I tried to do it according to your example described in the reference document, but failed to work.

The first post under this topic is my experience, could you give me some advice?

I try to use an AspectJ interceptor because that I know JBoss AOP cannot intercept method call in jsp code, but AspectJ can do it with its compile time weaving. I'm not sure Spring AOP will do the same job as AspectJ, so I want to have a test.

[aaron8tang]

Ben,

Is AspectJSecurityInterceptor still in progress?

In my test case, the error is obvious, because in spring reference, interceptorNames is restricted to be "String array of Advisor, interceptor or other advice names to apply", but AspectJSecurityInterceptor belongs to none of these, so UnknownAdviceTypeException is thrown.

[Ben Alex]

Aaron, I've gone through your configuration very closely and can't see the problem. Would you please post your full applicationContext-common-business.xml so I can take a look?

There is no sample included with Acegi Security for AspectJ. It does work, as I had it going when I wrote the interceptor, but I didn't bother with a sample app due to the more complicated compliation processes and dependencies. We're just wrapping up a major Maven migration and I didn't want to extend it with an AspectJ sample. Personally I found the CURRENT AspectJ IDE integration impractical for real applications due to the unreliable incremental compilation. Everytime I changed an XML file or whatever an entire rebuild took place, which is just not usable if you've got 200 classes. Generally with a little thought and package protected methods you can direct security-sensitive calls through a services layer object - which can happily exist in Spring's IoC container and work with an AOP Alliance MethodInterceptor such as MethodSecurityInterceptor - and avoid AspectJ for security.

Still, we'll try and get your application working, if you could just post the XML file.

[aaron8tang]

Ben, what I've posted in http://forum.springframework.org/showthread.php?t=11804 is my full configuration. Sorry for the inconvenience. At that time, I thought they belong to different topic.

Even after I change the applicationContext-common-authorization.xml according to your suggestion, it doesn't work. :cry:

[Ben Alex]

The configuration shown in that thread shows no AspectJ-related beans, and it shows MethodSecurityInterceptor together with a ProxyFactoryBean. If using AspectJ the aspect should be shown, and there is no need for a ProxyFactoryBean. Could you confirm it was removed?