Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [aspectj-users] within pointcut only matches 'phisically'

Hi Simone,

I see the point and it makes sense. But why does an inter-type method
declared on the type not qualify for being within the type? Is
performance a reason, maybe?

If I declare a new inter-type method on WebExposedService from within
MyMaliciousAspect, then I can do whatever I want, bypassing security
checks like the one in your example.

Martin

Simone Gianni wrote:
> Hi Martin,
> yes, within pointcuts are there exactly to do this, define the "other
> end" of the call. So, yes, it is intended. They are most useful with the
> call pointcut, for example :

> Object around() : call(* DomainBean+.get*()) && within(WebExposedService) {
>   if (doSomeSecurityChecks()) {
>     return proceed();
>   } else {
>     throw new SecurityException("You cannot access this method from the
> web");
>   }
> }

> This avoids making the security check for each call to each bean method,
> but limits it for calls made from a web service.

> Simone

> Martin Görg wrote:
>> Hi there,
>>
>> Some testing and an earlier thread I found online suggest that within
>> pointcuts only  pick out join points which are phisically contained
>> in the specified type. An ITD declared in another Aspect is not
>> matched. Is that correct and intended?
>>
>> Here's an example:
>> -------------------Demo.java---------------------
>> public class Demo {
>>               public static void main(String[] argv) {
>>                             new Demo().added();
>>                }
>> }
>> ----------------------------------------------------
>>
>> ------------------SomeAspect.aj----------------
>> public aspect SomeAspect {
>>               public void Demo.added() { }
>>
>>               before() : execution(* Demo.added()) && within(Demo) {
>>                                 System.out.println("executing Demo.added()");
>>                }
>> }
>> ----------------------------------------------------
>>
>> The compiler already gives a warning, that the advice has not been
>> applied and running the example confirms the warning.
>>
>> Greetings
>> Martin
>>
>> _______________________________________________
>> aspectj-users mailing list
>> aspectj-users@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/aspectj-users
>>   

> _______________________________________________
> aspectj-users mailing list
> aspectj-users@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/aspectj-users




Back to the top