Spring Security
  1. Spring Security
  2. SEC-1295

Placing Security on Roo Aspected methods fails

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0 RC1
    • Fix Version/s: 3.0.0.RC2
    • Component/s: Core
    • Labels:
      None
    • Environment:
      all

      Description

      When using @Secured on generated Roo_Entity methods a NPE is thrown due to target and _this information being missing when AspectJ creates the Join Point over an already aspected class. this NPE is thrown in AbstractMethodSecurityMetadataSource.getAttributes as there is a check against the Target to get the class.

      Have found that this information can also be retrieved from the signature.

      This is using AspectJSecurityInterceptor configuration as opposed to SpringAOP, which we know doesn't work with Roo at all - yet The configuration is based on the aspects sample within Spring Security.

      I have changed the following within AbstractMethodSecurityMetadataSource and it seems to work....

      Class<?> targetClass = jp.getTarget().getClass();

      To the following - though it too could just use one line and only call the signature:

      Class<?> targetClass = null;
      if(jp.getTarget() != null)

      { targetClass = jp.getTarget().getClass(); }

      else

      { //this class has already been aspected, hence see if we can get the info from the //static part targetClass = jp.getStaticPart().getSignature().getDeclaringType(); }

        Activity

        Hide
        Luke Taylor added a comment -

        According to Andy (Clement) this is probably happening because:

        "intertype declarations are implemented via creating static methods, so there may be no instance around for the joinpoint to use if it is found to be inside a static method"

        Hence the target being null.

        Show
        Luke Taylor added a comment - According to Andy (Clement) this is probably happening because: "intertype declarations are implemented via creating static methods, so there may be no instance around for the joinpoint to use if it is found to be inside a static method" Hence the target being null.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Kermie de Frog
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: