annotation for acegi

[zgd]

annotation is so good that i can't wait to use it in acegi

code sample

Code:

import java.util.List;

import org.gotblog.common.acegi.SecurityConfig;
import org.springframework.transaction.annotation.Transactional;

public interface BookManager {
	@Transactional
	@SecurityConfig( { "ROLE_USER", "ROLE_ANONYMOUS" })
	public List listBook();
}

here's my implementation for it

Code:

package org.gotblog.common.acegi;

import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.TYPE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

import java.lang.annotation.Retention;
import java.lang.annotation.Target;

@Target( { TYPE, METHOD })
@Retention(RUNTIME)
public @interface SecurityConfig {
	String[] value();
}

Code:

package org.gotblog.common.acegi;

import java.lang.annotation.Annotation;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

import org.springframework.metadata.Attributes;

public class AcegiAnnotationAttributes implements Attributes {
	// TODO need to add cache

	public Collection getAttributes(Class targetClass) {
		Set<net.sf.acegisecurity.SecurityConfig> configs = new HashSet<net.sf.acegisecurity.SecurityConfig>&#40;&#41;;
		for &#40;Annotation annotation &#58; targetClass.getAnnotations&#40;&#41;&#41; &#123;
			if &#40;annotation instanceof SecurityConfig&#41; &#123;
				SecurityConfig config = &#40;SecurityConfig&#41; annotation;
				for &#40;String value &#58; config.value&#40;&#41;&#41; &#123;
					configs.add&#40;new net.sf.acegisecurity.SecurityConfig&#40;value&#41;&#41;;
				&#125;
				break;
			&#125;
		&#125;
		return configs;
	&#125;

	public Collection getAttributes&#40;Class targetClass, Class filter&#41; &#123;
		throw new IllegalArgumentException&#40;"Not support filter"&#41;;
	&#125;

	public Collection getAttributes&#40;Method targetMethod&#41; &#123;
		Set<net.sf.acegisecurity.SecurityConfig> configs = new HashSet<net.sf.acegisecurity.SecurityConfig>&#40;&#41;;
		for &#40;Annotation annotation &#58; targetMethod.getAnnotations&#40;&#41;&#41; &#123;
			if &#40;annotation instanceof SecurityConfig&#41; &#123;
				SecurityConfig config = &#40;SecurityConfig&#41; annotation;
				for &#40;String value &#58; config.value&#40;&#41;&#41; &#123;
					configs.add&#40;new net.sf.acegisecurity.SecurityConfig&#40;value&#41;&#41;;
				&#125;
				break;
			&#125;
		&#125;
		return configs;
	&#125;

	public Collection getAttributes&#40;Method targetMethod, Class filter&#41; &#123;
		throw new IllegalArgumentException&#40;"Not support filter"&#41;;
	&#125;

	public Collection getAttributes&#40;Field targetField&#41; &#123;
		throw new IllegalArgumentException&#40;"Not support field annotation"&#41;;
	&#125;

	public Collection getAttributes&#40;Field targetField, Class filter&#41; &#123;
		throw new IllegalArgumentException&#40;"Not support field annotation"&#41;;
	&#125;

&#125;

Code:

<bean id="acegiAnnotationAttributes" 
	class="org.gotblog.common.acegi.AcegiAnnotationAttributes"/>
<bean id="objectDefinitionSource" 
	class="net.sf.acegisecurity.intercept.method.MethodDefinitionAttributes">
	<property name="attributes">
		<ref local="acegiAnnotationAttributes"/>
	</property>
</bean>

it works fine and i haven't optimized it for performance
http://up-u.com/?p=183

[Ben Alex]

Thanks for the post. I've added a link to the articles page on Acegi Security's main site. I'll also add official annotation support to Acegi Security shortly.

[jcarreira]

Any progress on this? Also, I'd suggest naming the annotation something besides SecurityConfig. It should be an adverb qualifying the action (verb) being done by the method. Maybe something like "Secured".

[Ben Alex]

I'm also pondering whether the annotation should specify conditionals, such as "ROLE_FOO or ROLE_BOO and ROLE_DOO". Right now such logic happens in the AccessDecisionManager concrete implementation. I think a pumped-up AccessDecisionVoter that recognises one or more different types of annotations (which are merely implementations of ConfigAttribute) might be the way forward.

Would this be useful to people? Comments?

[jcarreira]

I'd say make it work just like the commons-attributes do for now. Adding conditionals shouldn't break these if you add them later, and I think (in my completely non-biased and not-having-been-waiting-for-this-for-a-month way) that it's more important to get it in there first, then refine it.

I'm also pondering whether the annotation should specify conditionals, such as "ROLE_FOO or ROLE_BOO and ROLE_DOO". Right now such logic happens in the AccessDecisionManager concrete implementation. I think a pumped-up AccessDecisionVoter that recognises one or more different types of annotations (which are merely implementations of ConfigAttribute) might be the way forward.

Would this be useful to people? Comments?