Re: [aspectj-users] RE: PerClauses( or single-signon-authorization)

Craig,

This won't work either. As mentioned in "AspectJ in Action"
section 4.3.4, pertarget() association will implicitly
limit the matched joinpoints to where the target object
is the subject to which the aspect is associated.

What's the solution? From my understanding of your system,
you may be able to do the following:
1. Create a map to associate the Subject with the caller
   thread of the login() method.
2. Do not use any aspect association.
3. In authorization check advice, fetch back the subject
   associated with the caller thread. Use the obtained 
   subject to pass to doPrivileged().
4. Remove the entry associated with the caller thread in
   advice to logout().

Hope this helps. A small prototype may help to figure out
such issues.

-Ramnivas

--- Craig Collings <Craig.Collings@xxxxxxxxxxxxxxxxx> wrote:
> Dear all, sorry for replying to myself but my last effort was far too
> ugly.
> 
> What, gentle readers, is wrong with the following?
> 
> ---------------------------------------------------------------------
> import java.security.AccessController;
> import java.security.Permission;
> import java.security.PrivilegedActionException;
> import java.security.PrivilegedExceptionAction;
> import javax.security.auth.Subject;
> import org.aspectj.lang.JoinPoint;
> 
> public abstract aspect AuthAspect pertarget(target(Subject)){
> 
>     public abstract pointcut authOperations();
> 
>     // around advice must declare a return type; Object fits any join point
>     Object around():authOperations() && !cflowbelow(authOperations()){
>         Subject s = (Subject)thisJoinPoint.getTarget();
>         if(s == null) throw new AuthorizationException("No subject associated");
>         try{
>             // Check the permission and run the join point as the Subject
>             return Subject.doAsPrivileged(s, new PrivilegedExceptionAction(){
>                 public Object run() throws Exception{
>                     AccessController.checkPermission(getPermission(thisJoinPoint));
>                     return proceed();
>                 }}, null);
>         }catch(PrivilegedActionException e){
>             throw new AuthorizationException(e.getException());
>         }
>     }
> 
>     protected abstract Permission getPermission(JoinPoint point);
> }
> -----------------------------------------------------------------
> 
> craig collings
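
The four-step approach from the reply above (a map from the login() caller thread to its Subject, with no per-clause), as an added example that is not code from the thread or from the AspectJ project. The `loginCall()` and `logoutCall()` pointcuts, the assumption that login() returns the authenticated Subject, and the use of `SecurityException` in place of the thread's `AuthorizationException` (whose definition is not shown) are assumptions.

```aspectj
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;
import org.aspectj.lang.JoinPoint;

// Step 2: default (singleton) association, no pertarget()/perthis().
public abstract aspect ThreadSubjectAuthAspect {

    // Step 1: Subject keyed by the thread that called login().
    private final Map<Thread, Subject> subjects = new ConcurrentHashMap<Thread, Subject>();

    public abstract pointcut authOperations();
    // Hypothetical pointcuts; assumed: login() returns the authenticated Subject.
    public abstract pointcut loginCall();
    public abstract pointcut logoutCall();
    protected abstract Permission getPermission(JoinPoint point);

    after() returning(Subject s): loginCall() {
        if (s != null) subjects.put(Thread.currentThread(), s);
    }

    // Step 4: plain after() also runs when logout() throws, so a reused
    // thread cannot inherit the previous caller's Subject.
    after(): logoutCall() {
        subjects.remove(Thread.currentThread());
    }

    // Step 3: look up the caller thread's Subject and fail closed if absent.
    Object around(): authOperations() && !cflowbelow(authOperations()) {
        final Subject s = subjects.get(Thread.currentThread());
        if (s == null) throw new SecurityException("No subject associated with caller thread");
        final Permission required = getPermission(thisJoinPoint);
        try {
            return Subject.doAsPrivileged(s, new PrivilegedExceptionAction<Object>() {
                public Object run() throws Exception {
                    AccessController.checkPermission(required);
                    return proceed();
                }
            }, null);
        } catch (PrivilegedActionException e) {
            throw new SecurityException(e.getException());
        }
    }
}
```

Because the map is keyed by thread, work handed off to another thread (an executor, a new Thread) finds no Subject and is rejected rather than running unauthenticated. `AccessController` and `Subject.doAsPrivileged` follow the thread's code and are deprecated in current JDKs (JEP 411).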

