SEC-1295: Placing Security on Roo Aspected methods fails #1541

Closed
spring-issuemaster opened this Issue Nov 16, 2009 · 1 comment

1 participant

@spring-issuemaster

Kermie de Frog (Migrated from SEC-1295) said:

When using @Secured on generated Roo_Entity methods a NPE is thrown due to target and _this information being missing when AspectJ creates the Join Point over an already aspected class. this NPE is thrown in AbstractMethodSecurityMetadataSource.getAttributes as there is a check against the Target to get the class.

Have found that this information can also be retrieved from the signature.

This is using AspectJSecurityInterceptor configuration as opposed to SpringAOP, which we know doesn't work with Roo at all - yet :-) The configuration is based on the aspects sample within Spring Security.

I have changed the following within AbstractMethodSecurityMetadataSource and it seems to work....

Class<?> targetClass = jp.getTarget().getClass();

To the following - though it too could just use one line and only call the signature:

        Class<?> targetClass = null;
        if(jp.getTarget() != null)
        {
            targetClass = jp.getTarget().getClass();
        }
        else
        {
            //this class has already been aspected, hence see if we can get the info from the
            //static part
            targetClass = jp.getStaticPart().getSignature().getDeclaringType();
        }
@spring-issuemaster

Luke Taylor said:

According to Andy (Clement) this is probably happening because:

"intertype declarations are implemented via creating static methods, so there may be no instance around for the joinpoint to use if it is found to be inside a static method"

Hence the target being null.

@spring-issuemaster spring-issuemaster added this to the 3.0.0.RC2 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment