You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by Les Hazlewood <lh...@apache.org> on 2010/01/11 20:01:41 UTC
Re: Aspectj integration
I'm CC'ing the dev list to try to keep these kinds of details from
chatting up the user list.
I think J-C's approach is definitely the way to go from an integration
standpoint. The AnnotationsAuthorizingMethodInterceptor exists
exactly for the reason that J-C subclassed it - to provide an easy
extension point for AspectJ and JBoss AOP (or any other AOP framework)
when the time came.
My personal preference would be to use this integration mechanism and
AspectJ in the standalone example app as Kalle suggested to have a
baseline AOP mechanism we can rely on in any environment, Spring or
not. For simplicity's sake, I would assume that runtime weaving is a
good (default) way to show AspectJ integration, but I think we should
probably also clearly show or document how to do compile-time weaving
if one wants to do that for enhanced performance.
I'm excited to see what comes of J-C's contributions. I also don't
have the AspectJ experience that either J-C or Kalle does, so I'm
looking forward to learning!
Cheers,
Les
On Mon, Jan 11, 2010 at 1:27 PM, Kalle Korhonen
<ka...@gmail.com> wrote:
> Thanks J-C. Yeah, that's sort of what I thought. Creating aspects
> isn't hard with AspectJ though it takes a while to get used to the
> syntax and thinking. One size likely doesn't fit all, so at this point
> my initial thinking is that we should make it an example first, then
> see if we can generalize some parts of it. I don't want to force (or
> even suggest as the primary option) compile-time weaving to standalone
> projects (there are other ways to deal with annotations as well).
> Runtime weaving on the other hand incurs relatively heavy costs on
> memory consumption, which of course is more of a concern for desktop
> apps. We are missing a good standalone application example anyway.
> What do you think Les?
>
> Kalle
>
> On Mon, Jan 11, 2010 at 10:01 AM, Jean-Cédric Desrochers
> <jc...@gmail.com> wrote:
>> Maybe my initial post was not clear, I was just curious to see if you guys
>> would be interested in the integration I'm doing. Let me shed some light on
>> that...
>> I have to integrate application-level security in our platform and Shiro
>> came across my search results. After looking at it, I found the perfect
>> little framework I needed: simple API for authentication, annotation based
>> authorization, realms to support known and/or custom datasources, stability
>> (jsecurity existed for a while)... I decided to start a proof of concept
>> project to integrate Shiro and to see how it goes (the devil is in the
>> details..). I soon realized that the "authorization based on annotation"
>> feature was not available to me as we are not using spring (which is a
>> must-have requirement for us). So what I've done here is a simple adaptation
>> between aspectj and the AnnotationsAuthorizingMethodInterceptor model that
>> already exists in Shiro. In details I have:
>>
>> a pointcut that targets each method that is decorated by an annotation
>> define by Shiro
>> an advice that gets call before any "secured" method invocation
>> a piece of logic that adapts the aspectj JoinPoint class into a
>> Shiro MethodInvocation
>> and finally it delegates the authorizing task to the existing code of
>> the org.apache.shiro.authz.aop package
>>
>> All this works well within eclipse (I'm halfway done) and I'm working on the
>> configuration required to run this adaptation using the aspectj load-time
>> weaver tool (for our own production deployment purposes).
>> What I'm proposing here is to donate the piece of code I'v done + the
>> configuration and documentation required to seamlessly integrate shiro and
>> aspectj for the purpose exposed here.
>> Hope this clarifies things.
>> Regards,
>> J-C
>>
>> On 11-Jan-2010, at 11:25, Kalle Korhonen wrote:
>>
>> I'm not quite sure what you are proposing, J-C, but I can look over it
>> and help creating the aspectj module (having heavily used aspectj
>> before). J-C, can you elaborate more on it, what's the generalized
>> concept here? I.e. how are you thinking on processing the annotations
>> yet make it extensible?
>>
>> Kalle
>>
>>
>> On Mon, Jan 11, 2010 at 7:55 AM, Les Hazlewood <lh...@apache.org>
>> wrote:
>>
>> J-C,
>>
>> If you contribute a patch, can you ensure that you create a new child
>>
>> Maven module under the support directory? i.e. support/aspectj?
>>
>> Thanks,
>>
>> Les
>>
>> On Mon, Jan 11, 2010 at 10:48 AM, Les Hazlewood <lh...@apache.org>
>> wrote:
>>
>> Hi J-C,
>>
>> This is a big +1 from me. I would love if you could contribute this
>>
>> back to Shiro, as it is something I've worried about for a while, but
>>
>> haven't had the time to work on personally.
>>
>> Could you please add what you've done in the form of a patch or .zip
>>
>> attachment (or both if necessary) to a Jira issue? I'm very excited
>>
>> to see what you've done!
>>
>> Thanks for offering to help - it is much appreciated!
>>
>> Best,
>>
>> Les
>>
>> P.S. Please join the dev list if you haven't already for any tech
>>
>> discussions related to the submissions.
>>
>> On Mon, Jan 11, 2010 at 10:03 AM, Jean-Cédric Desrochers
>>
>> <jc...@gmail.com> wrote:
>>
>> First of, I want to say that what you've done is great. I was looking for a
>> framework to help me setup security in our platform and Shiro is exactly
>> what I needed. It's a simple framework that do not pretend to perform
>> everything for you and (best of all) it's "embeddable" in any situation. It
>> does not provide built-in audits (which is a requirement I have), but I can
>> easily do that myself using the events generated by the framework.
>>
>> In my case, the situation is not a web app and not a spring container. We
>> want to perform authorization based on annotations for seamless development
>> and integration. However I realized that it is not currently available for
>> me... only spring-aop can do this for now. I looked in the forums and I
>> found that I'm not the only one that want's to do that.
>>
>> So I decided to jump in and do what it needed to use aspectj for what I
>> wanted to do (validating actions programmatically is not really an option
>> for me). I currently have a prototype working and I need to work on the
>> run-time now: integration of the compiler and/or the code weaving (in a
>> seamless manner). But nonetheless, I thing it could be a great addition to
>> Shiro. Would you guys be interested in a donation so that the community can
>> benefit???
>>
>> Regards,
>>
>> J-C
>>
>>
>>
>>
>
Re: Aspectj integration
Posted by Jason Eacott <ja...@hardlight.com.au>.
I'd like to see an alternate spring/xml based configuration made
available for those of use that loathe annotations.
perhaps an aop advice something akin to the usual spring tx advice
<shiro:advice id="shiroAdvice" >
<tx:attributes>
<tx:method name="write*" roles="owner etc" permissions="a,b,c"/>
...
or some other xml based config option.
Cheers
Les Hazlewood wrote:
> I'm CC'ing the dev list to try to keep these kinds of details from
> chatting up the user list.
>
> I think J-C's approach is definitely the way to go from an integration
> standpoint. The AnnotationsAuthorizingMethodInterceptor exists
> exactly for the reason that J-C subclassed it - to provide an easy
> extension point for AspectJ and JBoss AOP (or any other AOP framework)
> when the time came.
>
> My personal preference would be to use this integration mechanism and
> AspectJ in the standalone example app as Kalle suggested to have a
> baseline AOP mechanism we can rely on in any environment, Spring or
> not. For simplicity's sake, I would assume that runtime weaving is a
> good (default) way to show AspectJ integration, but I think we should
> probably also clearly show or document how to do compile-time weaving
> if one wants to do that for enhanced performance.
>
> I'm excited to see what comes of J-C's contributions. I also don't
> have the AspectJ experience that either J-C or Kalle does, so I'm
> looking forward to learning!
>
> Cheers,
>
> Les
>
> On Mon, Jan 11, 2010 at 1:27 PM, Kalle Korhonen
> <ka...@gmail.com> wrote:
>> Thanks J-C. Yeah, that's sort of what I thought. Creating aspects
>> isn't hard with AspectJ though it takes a while to get used to the
>> syntax and thinking. One size likely doesn't fit all, so at this point
>> my initial thinking is that we should make it an example first, then
>> see if we can generalize some parts of it. I don't want to force (or
>> even suggest as the primary option) compile-time weaving to standalone
>> projects (there are other ways to deal with annotations as well).
>> Runtime weaving on the other hand incurs relatively heavy costs on
>> memory consumption, which of course is more of a concern for desktop
>> apps. We are missing a good standalone application example anyway.
>> What do you think Les?
>>
>> Kalle
>>
>> On Mon, Jan 11, 2010 at 10:01 AM, Jean-Cédric Desrochers
>> <jc...@gmail.com> wrote:
>>> Maybe my initial post was not clear, I was just curious to see if you guys
>>> would be interested in the integration I'm doing. Let me shed some light on
>>> that...
>>> I have to integrate application-level security in our platform and Shiro
>>> came across my search results. After looking at it, I found the perfect
>>> little framework I needed: simple API for authentication, annotation based
>>> authorization, realms to support known and/or custom datasources, stability
>>> (jsecurity existed for a while)... I decided to start a proof of concept
>>> project to integrate Shiro and to see how it goes (the devil is in the
>>> details..). I soon realized that the "authorization based on annotation"
>>> feature was not available to me as we are not using spring (which is a
>>> must-have requirement for us). So what I've done here is a simple adaptation
>>> between aspectj and the AnnotationsAuthorizingMethodInterceptor model that
>>> already exists in Shiro. In details I have:
>>>
>>> a pointcut that targets each method that is decorated by an annotation
>>> define by Shiro
>>> an advice that gets call before any "secured" method invocation
>>> a piece of logic that adapts the aspectj JoinPoint class into a
>>> Shiro MethodInvocation
>>> and finally it delegates the authorizing task to the existing code of
>>> the org.apache.shiro.authz.aop package
>>>
>>> All this works well within eclipse (I'm halfway done) and I'm working on the
>>> configuration required to run this adaptation using the aspectj load-time
>>> weaver tool (for our own production deployment purposes).
>>> What I'm proposing here is to donate the piece of code I'v done + the
>>> configuration and documentation required to seamlessly integrate shiro and
>>> aspectj for the purpose exposed here.
>>> Hope this clarifies things.
>>> Regards,
>>> J-C
>>>
>>> On 11-Jan-2010, at 11:25, Kalle Korhonen wrote:
>>>
>>> I'm not quite sure what you are proposing, J-C, but I can look over it
>>> and help creating the aspectj module (having heavily used aspectj
>>> before). J-C, can you elaborate more on it, what's the generalized
>>> concept here? I.e. how are you thinking on processing the annotations
>>> yet make it extensible?
>>>
>>> Kalle
>>>
>>>
>>> On Mon, Jan 11, 2010 at 7:55 AM, Les Hazlewood <lh...@apache.org>
>>> wrote:
>>>
>>> J-C,
>>>
>>> If you contribute a patch, can you ensure that you create a new child
>>>
>>> Maven module under the support directory? i.e. support/aspectj?
>>>
>>> Thanks,
>>>
>>> Les
>>>
>>> On Mon, Jan 11, 2010 at 10:48 AM, Les Hazlewood <lh...@apache.org>
>>> wrote:
>>>
>>> Hi J-C,
>>>
>>> This is a big +1 from me. I would love if you could contribute this
>>>
>>> back to Shiro, as it is something I've worried about for a while, but
>>>
>>> haven't had the time to work on personally.
>>>
>>> Could you please add what you've done in the form of a patch or .zip
>>>
>>> attachment (or both if necessary) to a Jira issue? I'm very excited
>>>
>>> to see what you've done!
>>>
>>> Thanks for offering to help - it is much appreciated!
>>>
>>> Best,
>>>
>>> Les
>>>
>>> P.S. Please join the dev list if you haven't already for any tech
>>>
>>> discussions related to the submissions.
>>>
>>> On Mon, Jan 11, 2010 at 10:03 AM, Jean-Cédric Desrochers
>>>
>>> <jc...@gmail.com> wrote:
>>>
>>> First of, I want to say that what you've done is great. I was looking for a
>>> framework to help me setup security in our platform and Shiro is exactly
>>> what I needed. It's a simple framework that do not pretend to perform
>>> everything for you and (best of all) it's "embeddable" in any situation. It
>>> does not provide built-in audits (which is a requirement I have), but I can
>>> easily do that myself using the events generated by the framework.
>>>
>>> In my case, the situation is not a web app and not a spring container. We
>>> want to perform authorization based on annotations for seamless development
>>> and integration. However I realized that it is not currently available for
>>> me... only spring-aop can do this for now. I looked in the forums and I
>>> found that I'm not the only one that want's to do that.
>>>
>>> So I decided to jump in and do what it needed to use aspectj for what I
>>> wanted to do (validating actions programmatically is not really an option
>>> for me). I currently have a prototype working and I need to work on the
>>> run-time now: integration of the compiler and/or the code weaving (in a
>>> seamless manner). But nonetheless, I thing it could be a great addition to
>>> Shiro. Would you guys be interested in a donation so that the community can
>>> benefit???
>>>
>>> Regards,
>>>
>>> J-C
>>>
>>>
>>>
>>>
>