Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
RE: [aspectj-users] can user aspectj to forbid a method execute? 
Just a general question for those out there, is there any benefit to using before versus around?  More a curiosity question than anything else.  I guess no if logic that calls a proceed, but I see no other functional differences.

________________________________

From: aspectj-users-bounces@xxxxxxxxxxx on behalf of FaKod
Sent: Thu 6/29/2006 2:44 PM
To: aspectj-users@xxxxxxxxxxx
Subject: Re: [aspectj-users] can user aspectj to forbid a method execute?


for example:

public aspect PrivilegeAspect {

    pointcut execClusterMethod(ClusterBase c):
        execution( !@NoPrivilegeCheck public * PrivilegedCluster+.*(..)) &&
        target(c);
    
    before(ClusterBase c) : execClusterMethod(c) {
        PrivilegeCheckerImpl pc = PrivilegeCheckerImpl.getImplInstance();
        
        MethodSignature sig = (MethodSignature) thisJoinPoint.getSignature();
        Method m = sig.getMethod();
        
        if(!pc.userPrivilegeIntersect((PrivilegedCluster) c, m, thisJoinPoint.getArgs()))
            throw new PrivilegeException("unsufficient privileges on Cluster: " +
                    c.getClass().getName()+
                    " calling method: " +
                    m.getName());
    }

}

Ron Bodkin schrieb: 

	You could also use before advice and if not authorized, throw an exception
	to prevent the method from executing. If you do this, then something else
	needs to handle the exception. And if the method doesn't declare it might
	throw a relevant exception, you'd need to use an unchecked exception (e.g.,
	a subclass of RuntimeException).
	
	 
	
	  _____  
	
	From: aspectj-users-bounces@xxxxxxxxxxx
	[mailto:aspectj-users-bounces@xxxxxxxxxxx] On Behalf Of Ron DiFrango
	Sent: Thursday, June 29, 2006 9:52 AM
	To: anydocs@xxxxxxxxx; aspectj-users@xxxxxxxxxxx
	Subject: RE: [aspectj-users] can user aspectj to forbid a method execute?
	
	 
	
	You could do this with around advice, with the advice containing the logic
	to check the role before issuing the proceed to the underlying call or
	return with a "Not Authorized" message.
	
	 
	
	  _____  
	
	From: aspectj-users-bounces@xxxxxxxxxxx on behalf of creatxr
	Sent: Thu 6/29/2006 12:37 PM
	To: aspectj-users
	Subject: [aspectj-users] can user aspectj to forbid a method execute?
	
	aspectj-users,
	
	 
	
	 
	
	can user aspectj to forbid a method execute? 
	
	I want to use it for authorization.
	
	 
	
	when user without role "ROLE_X" call method "callme", the method "callme"
	will not excute.
	
	 
	
	 
	
	creatxr,anydocs@xxxxxxxxx
	<mailto:%3c!--AID_FROMADDRESS_BEGIN--%3eanydocs@xxxxxxxxx%3c!--AID_FROMADDRE
	SS_END--%3e> <mailto:%3c!--AID_FROMADDRESS_BEGIN--%3eanydocs@xxxxxxxxx%3c!--AID_FROMADDRESS_END--%3e>  
	
	2006-06-30 
	
	 
	
	  
	
________________________________


	_______________________________________________
	aspectj-users mailing list
	aspectj-users@xxxxxxxxxxx
	https://dev.eclipse.org/mailman/listinfo/aspectj-users

Back to the top