[jboss-user] [JBoss AOP] - Problem with prepackaged security aspect on a POJO using XML
gmdr
do-not-reply at jboss.com
Fri Jan 12 10:12:10 EST 2007
Hi,
I'm trying to secure a simple class (POJO) without annotations, using the prepackaged security aspect (org.jboss.aspects.security.SecurityClassMetaDataLoader). I'm using JBoss 4.0.5GA, JBoss AOP 1.5.0GA, JDK 1.5.0_09 and WindowsXP.
So far I've been able to run succesfully but only with annotations in the pojo, not by XML.
The class goes like:
package security;
|
| @SecurityDomain ("other")
| public class TransferFunds {
|
| @Permissions ({"rolB"})
| public boolean withdrawAll(Long accountId){
| System.out.println("inside withdrawAll...:" + accountId);
| return true;
| }
|
| @Permissions ({"rolA"})
| public void deposit(Long sum){
| System.out.println("inside deposit...:" + sum);
| }
| }
The security domain is "other", and the application works well (permission denied, etc) with annotations. Tweaked the -javaagent parameter and used: -javaagent:pluggable-instrumentor.jar, and in the jboss-service.xml (aop deployer) touched the parameters to:
<mbean code="org.jboss.aop.deployment.AspectManagerServiceJDK5"
| name="jboss.aop:service=AspectManager">
| <attribute name="EnableLoadtimeWeaving">true</attribute>
| <attribute name="SuppressTransformationErrors">true</attribute>
| <attribute name="Prune">true</attribute>
| <attribute name="Include">security.,org.jboss.injbossaop</attribute>
| <attribute name="Exclude">org.jboss.,org.apache.</attribute>
| <attribute name="Optimized">true</attribute>
| <attribute name="Verbose">false</attribute>
| </mbean>
But when I removed the annotations from the class and putted a new created file named "learning-aop.xml" in the [$JBOSS_HOME]default/deploy dir, nothing happens. The only message I received is:
11:42:12,366 INFO [AspectDeployer] Deployed AOP: file:/C:/JavaDev/jboss-4.0.5.GA/server/default/deploy/learning-aop.xml
The content of learning-aop.xml is the following:
<?xml version="1.0" encoding="UTF-8"?>
| <!DOCTYPE aop PUBLIC
| "-//JBoss//DTD JBOSS AOP 1.0//EN"
| "http://www.jboss.org/aop/dtd/jboss-aop_1_0.dtd">
|
| <aop>
| <metadata-loader tag="security" class="org.jboss.aspects.security.SecurityClassMetaDataLoader" />
| <metadata tag="security" class="security.TransferFunds">
| <security-domain>java:/jaas/other</security-domain>
| <run-as>admin</run-as>
| <method-permission>
| <role-name>rolB</role-name>
| <method>
| <method-name>withdrawAll</method-name>
| </method>
| </method-permission>
| <method-permission>
| <role-name>rolA</role-name>
| <method>
| <method-name>deposit</method-name>
| </method>
| </method-permission>
| </metadata>
| </aop>
Don't know what's wrong, or what's missing. Annotations works well, but I need to declare the security outside the classes (imposed restriction).
Thanks in advance.
maxi.-
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4000990#4000990
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4000990
More information about the jboss-user
mailing list