SEC-1262: Aspectj(LTW) JoinPoints are not handled by PreInvocationAuthorizationAdviceVoter #1511

spring-issuemaster opened this Issue Oct 8, 2009 · 2 comments


None yet
1 participant

Aswin Nair (Migrated from SEC-1262) said:

The AspectJ joinpoints are not supported by the default expression based method security implementation The PreInvocationAuthirzationAdviceVoter is currently hardwired to deal with MethodInvocation (Spring AOP) specifically and there are no equivalents (as far as I saw) that deals with AspectJ Joinpoints. Since Spring AOP based approach does not intercetp local method calls , important security access expressions could be skipped and having AspectJ JointPoint support would be really useful.
Currently we have a customized version of PreInvocationAuthorizationAdviceVoter that wraps the JoinPoint as as MethodInvocation and works fine, but a framework support would be ideal.

Luke Taylor said:

This should now work. I've created a new AspectJ interceptor which extends MethodSecurityInterceptor and uses an adapter which exposes the JoinPont as a MethodInvocation, not just to the voters, but to all the method-security infrastructure classes. I've also added support for Pre/Post annotations to the AnnotationSecurityAspect and changed it to use this interceptor.

Luke Taylor said:

Note that the previous AspectJ interceptor classes are now deprecated as of 3.0.3.

spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment