<p>The <strong>RoleBasedAccessProtocol</strong> aspect has two abstract pointcuts that need to be defined in the aspect XML definition:</p>
<ul>
<li><code>authenticationPoints</code> - picks out all points in the code where you want authentication to take place</li>
<li><code>authorizationPoints</code> - picks out all points in the code where you want authorization to take place</li>
</ul>
<p>Example of how to define the security aspect (e.g. authenticate on facade methods and authorize on service methods):</p>
<table class="wysiwyg-macro" data-macro-name="code" data-macro-default-parameter="xml" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGU6eG1sfQ&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre>
<aspect class="security.RoleBasedAccessProtocol"
        container="org.codehaus.aware.container.SpringAspectContainer">
    <pointcut name="authenticationPoints" expression="execution(* *..facade.*.*(..))"/>
    <pointcut name="authorizationPoints" expression="execution(* *..service.*.*(..))"/>
</aspect>
</pre></td></tr></table>
<p>AspectWerkz supports passing parameters to aspects, but since the definition of roles and permissions is hierarchical, it is hard to handle with key:value pairs only. This makes it a great showcase for the <a class="confluence-link" href="/display/AWARE/SpringAspectContainer" data-linked-resource-id="3419" data-linked-resource-type="page" data-linked-resource-default-alias="SpringAspectContainer" data-base-url="http://docs.codehaus.org">SpringAspectContainer</a>, in which we can define the security permissions using Spring.
</p>
<p>Simply add something like this to your <code>aware-config.xml</code> and put it on the classpath:</p>
<table class="wysiwyg-macro" data-macro-name="code" data-macro-default-parameter="xml" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGU6eG1sfQ&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre>
<bean id="org.codehaus.aware.security.RoleBasedAccessProtocol"
      class="org.codehaus.aware.security.RoleBasedAccessProtocol"
      singleton="false"
      init-method="intialize">
    <property name="type">
        <value>JAAS</value>
    </property>
    <property name="roles">
        <list>
            <value>admin</value>
            <value>jboner</value>
        </list>
    </property>
    <property name="permissions">
        <list>
            <bean class="org.codehaus.aware.security.Permission">
                <property name="role">
                    <value>jboner</value>
                </property>
                <property name="className">
                    <value>org.codehaus.aware.security.SecurityHandlingTest</value>
                </property>
                <property name="methodName">
                    <value>authorizeMe1</value>
                </property>
            </bean>
            <bean class="org.codehaus.aware.security.Permission">
                <property name="role">
                    <value>jboner</value>
                </property>
                <property name="className">
                    <value>org.codehaus.aware.security.SecurityHandlingTest</value>
                </property>
                <property name="methodName">
                    <value>authorizeMe2</value>
                </property>
            </bean>
        </list>
    </property>
</bean>
</pre></td></tr></table>
<p>So what is all this?
If we take it step by step:</p>
<p>In the first section:</p>
<table class="wysiwyg-macro" data-macro-name="code" data-macro-default-parameter="xml" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGU6eG1sfQ&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre>
<bean id="org.codehaus.aware.security.RoleBasedAccessProtocol"
      class="org.codehaus.aware.security.RoleBasedAccessProtocol"
      singleton="false"
      init-method="intialize">
</pre></td></tr></table>
<p>we map the security aspect class to a name (in this case they are the same), then tell Spring to use the prototype pattern rather than instantiate the aspect as a singleton, and finally name the method that should be used to initialize the aspect.</p>
<p>In the next section:</p>
<table class="wysiwyg-macro" data-macro-name="code" data-macro-default-parameter="xml" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGU6eG1sfQ&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre>
<property name="type">
    <value>JAAS</value>
</property>
</pre></td></tr></table>
<p>we tell the aspect to use the JAAS security scheme.</p>
<p>Then we define the roles that we want to use:</p>
<table class="wysiwyg-macro" data-macro-name="code" data-macro-default-parameter="xml" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGU6eG1sfQ&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre>
<property name="roles">
    <list>
        <value>admin</value>
        <value>jboner</value>
    </list>
</property>
</pre></td></tr></table>
<p>And finally we define the permissions.
This is similar to how it is done in EJB: we define one permission by specifying the class and method on which we want authorization to take place, then we bind it to a role (one of the roles previously defined):</p>
<table class="wysiwyg-macro" data-macro-name="code" data-macro-default-parameter="xml" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGU6eG1sfQ&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre>
<property name="permissions">
    <list>
        <bean class="org.codehaus.aware.security.Permission">
            <property name="role">
                <value>jboner</value>
            </property>
            <property name="className">
                <value>foo.bar.Baz</value>
            </property>
            <property name="methodName">
                <value>authorizeMe1</value>
            </property>
        </bean>
        <bean class="org.codehaus.aware.security.Permission">
            <property name="role">
                <value>jboner</value>
            </property>
            <property name="className">
                <value>foo.bar.Baz</value>
            </property>
            <property name="methodName">
                <value>authorizeMe2</value>
            </property>
        </bean>
    </list>
</property>
</pre></td></tr></table>
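<p>Each permission must name one of the roles declared in the <code>roles</code> list, and this page does not say how the aspect reacts when it does not, so it is worth checking the file before deployment. The following is an added example, not part of the AWare project: a small Python lint over a constructed <code>aware-config.xml</code> fragment, where the enclosing <code>beans</code> element, the <code>auditor</code> role and the finding names are assumptions made for illustration.</p>

```python
import xml.etree.ElementTree as ET

PERMISSION = "org.codehaus.aware.security.Permission"

# Constructed sample in the page's bean format: the second permission names
# a role ("auditor") that is missing from the "roles" list.
SAMPLE = """
<beans>
 <bean class="org.codehaus.aware.security.RoleBasedAccessProtocol">
  <property name="roles">
   <list><value>admin</value><value>jboner</value></list>
  </property>
  <property name="permissions"><list>
   <bean class="org.codehaus.aware.security.Permission">
    <property name="role"><value>jboner</value></property>
    <property name="className"><value>foo.bar.Baz</value></property>
    <property name="methodName"><value>authorizeMe1</value></property>
   </bean>
   <bean class="org.codehaus.aware.security.Permission">
    <property name="role"><value>auditor</value></property>
    <property name="className"><value>foo.bar.Baz</value></property>
    <property name="methodName"><value>authorizeMe2</value></property>
   </bean>
  </list></property>
 </bean>
</beans>
"""

def prop(bean, name):
    """Text of a direct <property name=...><value>, or "" when absent."""
    return (bean.findtext(f"property[@name='{name}']/value") or "").strip()

def lint(xml_text):
    """Cross-check the declared roles against the roles permissions use."""
    root = ET.fromstring(xml_text)
    path = ".//property[@name='roles']/list/value"
    declared = {(v.text or "").strip() for v in root.findall(path)}
    findings, used = [], set()
    for bean in root.iter("bean"):
        if bean.get("class") != PERMISSION:
            continue
        role = prop(bean, "role")
        target = f"{prop(bean, 'className')}.{prop(bean, 'methodName')}"
        if not role or target.startswith(".") or target.endswith("."):
            findings.append(("incomplete-permission", target))
        elif role not in declared:
            findings.append(("undeclared-role", f"{role} -> {target}"))
        used.add(role)
    return findings + [("role-without-permission", r) for r in sorted(declared - used)]
```

<p>A <code>role-without-permission</code> finding is informational: in the page's own sample, <code>admin</code> is declared but bound to no method, which may be intentional.</p>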