  1. Spring Security
  2. SEC-1665

AspectJMethodSecurityInterceptor needs to be enhanced to be able to intercept private methods

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: 3.0.5
    • Fix Version/s: 3.1.0.RC2
    • Component/s: Core
    • Labels:
      None
    • Environment:
      Sun JDK 1.6_22, Windows XP SP2

      Description

      Folks,
      I'm not sure if this is a bug or an improvement. I initially marked it as a Bug; please excuse me if this goes against the Spring "works as designed" context.

      The issue is as follows:
      1- I had developed an AspectJ aspect which is supposed to match methods annotated with the @RolesAllowed annotation.

      2- After compiling the classes with the Maven AspectJ plugin, and configuring Spring Security to run in aspectj mode, the classes are woven (compile time).

      3- The aim of enabling aspectj mode is to avoid going through the proxy that the default Spring AOP Alliance uses, so that internal method calls could be intercepted and not go through the proxy.

      4- Let's take a simple test case:

          @RolesAllowed("NON_PREMIUM_USER")
          public void SecMethA() {
              SecMethB();
          }

          @RolesAllowed("PREMIUM_USER")
          public void SecMethB() {
              System.out.println("I'm safe, I do not need to worry ");
          }

      => If a user has the role NON_PREMIUM_USER and calls SecMethA(), everything works as expected and the aspect is matched, then Spring Security throws an accessDenied exception.

      But when I switch the type of SecMethB() to private, I get the exception below:
      java.lang.IllegalArgumentException: Could not obtain target method from JoinPoint: 'execution(void test.SecMethB())'
      at org.springframework.util.Assert.notNull(Assert.java:112)
      at org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter.<init>(MethodInvocationAdapter.java:38)
      at org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor.invoke(AspectJMethodSecurityInterceptor.java:27)

      I suppose the
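
      What the reported failure looks like at the reflection level, as an added example (not code from the report or from Spring Security). It assumes the target method of the join point is resolved with a public-only reflective lookup, which this page does not show. `PrivateMethodLookupDemo`, `Service`, `publicLookup` and `declaredLookup` are hypothetical names, and the nested `RolesAllowed` is a local stand-in for the real annotation.

```java
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.reflect.Method;
import java.util.Arrays;

public class PrivateMethodLookupDemo {

    // Local stand-in for javax.annotation.security.RolesAllowed, so no extra jar is needed.
    @Retention(RetentionPolicy.RUNTIME)
    @interface RolesAllowed { String[] value(); }

    // Constructed sample mirroring the report: public entry point, private secured method.
    static class Service {
        @RolesAllowed("NON_PREMIUM_USER")
        public void SecMethA() { SecMethB(); }

        @RolesAllowed("PREMIUM_USER")
        private void SecMethB() { }
    }

    // Assumed failing behaviour: Class.getMethod only sees public methods.
    static Method publicLookup(Class<?> type, String name, Class<?>... params) {
        try { return type.getMethod(name, params); }
        catch (NoSuchMethodException e) { return null; }
    }

    // Lookup that also sees private methods, walking up the superclass chain.
    static Method declaredLookup(Class<?> type, String name, Class<?>... params) {
        for (Class<?> c = type; c != null; c = c.getSuperclass()) {
            try { return c.getDeclaredMethod(name, params); }
            catch (NoSuchMethodException e) { /* not declared here; try the superclass */ }
        }
        return null;
    }

    public static void main(String[] args) {
        for (String name : new String[] {"SecMethA", "SecMethB"}) {
            Method viaPublic = publicLookup(Service.class, name);
            Method viaDeclared = declaredLookup(Service.class, name);
            // The security metadata is only reachable once the Method itself is resolved.
            String roles = Arrays.toString(viaDeclared.getAnnotation(RolesAllowed.class).value());
            System.out.println(name + ": public lookup " + (viaPublic != null ? "found" : "null")
                    + ", declared lookup roles " + roles);
        }
    }
}
```

      A null result from the public-only lookup for `SecMethB` is the condition under which an interceptor has no `Method` to read `@RolesAllowed` from; failing closed with an exception, as in the stack trace above, is safer than proceeding unchecked.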

            People

            • Assignee: luke (Luke Taylor)
            • Reporter: anis.moussa (Anis Moussa)
            • Votes: 0
            • Watchers: 5
