Hello,
when I was doing some REST endpoints and was trying to test them with APE and Arquillian, I would like to see this one in action:
Given:
I have this class

    @Secure({ "admin" })
    public class SomeClass {

        public void theFirstMethod() {
        }

        @Secure({ "developer" })
        public void theSecondMethod() {
        }
    }

When:
I am logged in with "developer" role
Then:
I can call theSecondMethod but I can not call theFirstMethod.
Right now, the implementation logic assumes that the class-level @Secure takes it all. I would expect that the class-level scope is used when there is no annotation present on a particular method; otherwise the one on the method level is used.
From the implementation point of view, to give the idea:

    @AroundInvoke
    public Object invoke(InvocationContext ctx) throws Exception {
        Class<?> clazz = ctx.getTarget().getClass();
        Method method = ctx.getMethod();

        // this will be added
        // method beats the class
        if (clazz.isAnnotationPresent(Secure.class) &&
                method.isAnnotationPresent(Secure.class)) {
            authorize(methodMetadata(ctx));
            // return here so the class-level check below does not run as well
            return ctx.proceed();
        }
        // end of adding things

        if (clazz.isAnnotationPresent(Secure.class)) {
            authorize(clazzMetadata(ctx));
        }

        if (method.isAnnotationPresent(Secure.class)) {
            authorize(methodMetadata(ctx));
        }

        return ctx.proceed();
    }

However, it is rather unknown how this fits into your perspective, but I have to say that I personally do not like the way it is done right now.
Regards
Stefan Miklosovic
Red Hat Brno - JBoss Mobile Platform
e-mail: smikloso@redhat.com
irc: smikloso
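
Added example, not part of the original message or the AeroGear code: a stand-alone sketch of the "method beats the class" lookup proposed above, run against the SomeClass from the message. The nested @Secure is a stand-in for the project's annotation, requiredRoles() and allowed() are hypothetical helpers, and two things are assumptions: the class is looked up through the method's declaring class, and a caller passes when holding any one of the listed roles.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class SecurePrecedenceDemo {
    // Stand-in for the project's @Secure; the real definition is not shown in the message.
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    @interface Secure { String[] value(); }

    @Secure({"admin"})
    static class SomeClass {
        public void theFirstMethod() {}
        @Secure({"developer"})
        public void theSecondMethod() {}
    }

    static class Unannotated { public void open() {} }

    // Method-level @Secure wins; the class-level one applies only when the method has none.
    // An empty Optional means no @Secure anywhere, so there is nothing to enforce.
    static Optional<Set<String>> requiredRoles(Method m) {
        Secure s = m.getAnnotation(Secure.class);
        if (s == null) s = m.getDeclaringClass().getAnnotation(Secure.class);
        return s == null ? Optional.empty()
                         : Optional.of(new HashSet<>(Arrays.asList(s.value())));
    }

    // Assumption: holding any one of the required roles is enough.
    static boolean allowed(Method m, Set<String> callerRoles) {
        return requiredRoles(m)
                .map(required -> !Collections.disjoint(required, callerRoles))
                .orElse(true);
    }

    public static void main(String[] args) throws Exception {
        Method[] methods = {
            SomeClass.class.getMethod("theFirstMethod"),
            SomeClass.class.getMethod("theSecondMethod"),
            Unannotated.class.getMethod("open")
        };
        for (Method m : methods)
            for (String role : new String[] {"developer", "admin"})
                System.out.println(role + " -> " + m.getName() + ": "
                        + allowed(m, Collections.singleton(role)));
    }
}
```

With override semantics the "admin" role is denied theSecondMethod, because the method-level list replaces the class-level one instead of adding to it. A reviewer of such a change would want that decided explicitly, since a method annotation can then widen access to a class that was locked down at class level.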
Sorry I don't get your example, why should destroyEverything() also have "simple" annotated?
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev