Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-1262: Aspectj(LTW) JoinPoints are not handled by PreInvocationAuthorizationAdviceVoter #1511

Closed
spring-projects-issues opened this issue Oct 8, 2009 · 2 comments

Comments

@spring-projects-issues
Copy link

@spring-projects-issues spring-projects-issues commented Oct 8, 2009

Aswin Nair (Migrated from SEC-1262) said:

The AspectJ joinpoints are not supported by the default expression based method security implementation org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter. The PreInvocationAuthirzationAdviceVoter is currently hardwired to deal with MethodInvocation (Spring AOP) specifically and there are no equivalents (as far as I saw) that deals with AspectJ Joinpoints. Since Spring AOP based approach does not intercetp local method calls , important security access expressions could be skipped and having AspectJ JointPoint support would be really useful.
Currently we have a customized version of PreInvocationAuthorizationAdviceVoter that wraps the JoinPoint as as MethodInvocation and works fine, but a framework support would be ideal.

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Mar 11, 2010

Luke Taylor said:

This should now work. I've created a new AspectJ interceptor which extends MethodSecurityInterceptor and uses an adapter which exposes the JoinPont as a MethodInvocation, not just to the voters, but to all the method-security infrastructure classes. I've also added support for Pre/Post annotations to the AnnotationSecurityAspect and changed it to use this interceptor.

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Mar 11, 2010

Luke Taylor said:

Note that the previous AspectJ interceptor classes are now deprecated as of 3.0.3.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant