Return-Path: X-Original-To: apmail-airavata-dev-archive@www.apache.org Delivered-To: apmail-airavata-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id AD87818DFE for ; Thu, 23 Jul 2015 15:46:59 +0000 (UTC) Received: (qmail 31457 invoked by uid 500); 23 Jul 2015 15:46:59 -0000 Delivered-To: apmail-airavata-dev-archive@airavata.apache.org Received: (qmail 31407 invoked by uid 500); 23 Jul 2015 15:46:59 -0000 Mailing-List: contact dev-help@airavata.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@airavata.apache.org Delivered-To: mailing list dev@airavata.apache.org Received: (qmail 31392 invoked by uid 99); 23 Jul 2015 15:46:59 -0000 Received: from Unknown (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Jul 2015 15:46:59 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id DA2A3C0B8F for ; Thu, 23 Jul 2015 15:46:58 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 3.13 X-Spam-Level: *** X-Spam-Status: No, score=3.13 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, HTML_MESSAGE=3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-us-west.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id csaImvc1v2ym for ; Thu, 23 Jul 2015 15:46:50 +0000 (UTC) Received: from mail-ig0-f169.google.com (mail-ig0-f169.google.com [209.85.213.169]) by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with ESMTPS id EAF6320F46 for ; Thu, 23 Jul 2015 15:46:49 +0000 (UTC) Received: by igbij6 with SMTP id ij6so165654062igb.1 for ; Thu, 23 Jul 2015 08:46:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=5C+jUSKQpucJ5DweTsAkeRWJ7awbyhBKO76BIH723l4=; b=p/Gdrjfd2jz3+1fSbz9S1jf6YsbYlhkKYhnchbrLCwS47Ic4X+ydRJHLrN3AQeaQlP 9bSqY7/bV8lruJni0+qQD+QPPjSZ06S6PI7aHjXqT6Lrh/7QvJrC913n5ML0z4C0blpY b0grDIvIJuDPPutzV40vrpTq6QNJTEkTA3shmVS0NCxBaQw0O+Kokr1hjF41j1suLSnw eBkkvTeSizg3xzQPmK2578dG/TBbFIEDh0RwYW0aRRBHvy3mRLh55hpu3JsVLWG/ieGD K+ONRu1LLt1gAyzhezNK+mcthczDdjWl+lvc3hh/xzUukScs+ElNgmkUhZGNpso6+5nq T3sQ== X-Received: by 10.50.72.102 with SMTP id c6mr205288igv.31.1437666403411; Thu, 23 Jul 2015 08:46:43 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.23.2 with HTTP; Thu, 23 Jul 2015 08:46:24 -0700 (PDT) In-Reply-To: References: From: Hasini Gunasinghe Date: Thu, 23 Jul 2015 11:46:24 -0400 Message-ID: Subject: Re: Enforcing cross cutting aspects on Thrift API calls with Guice AOP framework To: Airavata Dev Content-Type: multipart/alternative; boundary=047d7bdc9fb247edfd051b8ccbe3 --047d7bdc9fb247edfd051b8ccbe3 Content-Type: text/plain; charset=UTF-8 Hi Amila, Let me quote the answer to your question from Guice documentation at [1]. "Behind the scenes, method interception is implemented by generating bytecode at runtime. Guice dynamically creates a subclass that applies interceptors by overriding methods." Thanks & Best Regards, Hasini. [1] https://github.com/google/guice/wiki/AOP On Wed, Jul 22, 2015 at 12:53 PM, Amila Jayasekara wrote: > Just curious; > How do Guice intercept Thrift calls ? > > -AJ > > On Mon, Jul 20, 2015 at 11:20 AM, Hasini Gunasinghe > wrote: > >> Hi Marlon, >> >> On Mon, Jul 20, 2015 at 8:58 AM, Pierce, Marlon wrote: >> >>> Thanks, Hasini. This is an interesting point. Compared to Web services >>> implementations in the past, we have lost in Thrift the notions of headers >>> and message contexts. Thinking beyond security aspects, do you see other >>> applications for Guice in the Thrift server? >>> >> >> Method interception capability of Guice can be used to apply any other >> cross cutting concerns on the thrift API method calls such as >> logging/monitoring, throttling, common data validation logic applied to a >> group of methods etc. >> >> In addition to the method interception capability, it provides certain >> other features such as dependency injection etc, which I have not looked >> into details. >> >> Thanks, >> Hasini. >> >> Marlon >>> >>> >>> From: Hasini Gunasinghe >>> Reply-To: dev >>> Date: Sunday, July 19, 2015 at 1:10 PM >>> To: dev >>> Subject: Enforcing cross cutting aspects on Thrift API calls with Guice >>> AOP framework >>> >>> Hi Devs, >>> >>> Just wanted to inform that Guice [1] (an aspect oriented programming >>> framework provided by Google and released under Apache 2.0 license) can be >>> used to enforce cross cutting aspects such as security, logging etc, >>> without embedding the code related to such aspects within the API methods >>> themselves. >>> >>> Since Thrift doesn't support interception of Thrift service calls, >>> earlier, the security enforcement was applied as the first line of >>> execution in each API call, which I felt is not a clean way of doing that. >>> With the support of Guice (about which I got to know from a recent >>> discussion in thrift mailing list), security enforcement could be moved to >>> a separate interceptor and is enforced on each method only by an annotation. >>> >>> Hope the same mechanism could be used to enforce any other cross >>> cutting aspects on the airavata thrift API calls. >>> >>> This change is implemented in the pull request[2], along with API >>> method changes related to security. >>> >>> Thanks, >>> Hasini. >>> >>> [1] >>> https://github.com/google/guice/wiki/AOP#example-forbidding-method-calls-on-weekends >>> [2] https://github.com/apache/airavata/pull/23 >>> >> >> > --047d7bdc9fb247edfd051b8ccbe3 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi Amila,

Let me quote the answer to yo= ur question from Guice documentation at [1].

"= ;Behind the scenes, method interception is implemented by generating byteco= de at runtime. Guice dynamically creates a subclass that applies intercepto= rs by overriding methods."

Thanks & Best = Regards,
Hasini.


On = Wed, Jul 22, 2015 at 12:53 PM, Amila Jayasekara <thejaka.amila@gmail= .com> wrote:
Just curiou= s;
How do Guice intercept Thrift calls ?

-AJ

On Mon, Jul 20, 2015 at 11:20 AM, Hasini Gunasinghe <hasi7786@gmai= l.com> wrote:
Hi Marlon,=

On Mon, Jul= 20, 2015 at 8:58 AM, Pierce, Marlon <marpierc@iu.edu> wrote:<= br>
Thanks, Hasini. This is an interesting point. Compared to Web services= implementations in the past, we have lost in Thrift the notions of headers= and message contexts.=C2=A0 Thinking beyond security aspects, do you see o= ther applications for Guice in the Thrift server?

Method intercep= tion capability of Guice can be used to apply any other cross cutting conce= rns on the thrift API method calls such as logging/monitoring, throttling, = common data validation logic applied to a group of methods etc.
<= br>
In addition to the method interception capability, it provide= s certain other features such as dependency injection etc, which I have not= looked into details.

Thanks,
Hasini.

Marlon


From: Hasini Gunasinghe <hasi7786@gmail.com>=
Reply-To: dev <dev@airavata.apache.org>=
Date: Sunday, July 19, 2015 at 1:10= PM
To: dev <dev@airavata.apache.org>
Subject: Enforcing cross cutting as= pects on Thrift API calls with Guice AOP framework

Hi Devs,

Just wanted to inform that Guice [1] (an aspect oriented programming f= ramework provided by Google and released under Apache 2.0 license) can be u= sed to enforce cross cutting aspects such as security, logging etc, without= embedding the code related to such aspects within the API methods themselves.

Since Thrift doesn't support interception of Thrift service calls,= earlier, the security enforcement was applied as the first line of executi= on in each API call, which I felt is not a clean way of doing that.
With the support of Guice (about which I got to know from a recent dis= cussion in thrift mailing list), security enforcement could be moved to a s= eparate interceptor and is enforced on each method only by an annotation.

Hope the same mechanism could be used to enforce any other cross cutti= ng aspects on the airavata thrift API calls.

This change is implemented in the pull request[2], along with API meth= od changes related to security.

Thanks,
Hasini. =C2=A0




--047d7bdc9fb247edfd051b8ccbe3--