shiro-user mailing list archives

From Les Hazlewood <lhazlew...@apache.org>
Subject Re: About JSecurity's bytecode engineering
Date Mon, 29 Jun 2009 16:01:58 GMT
Hi Myoungkyu,

We don't have any AspectJ-specific code in place to support our code
annotations.  You would have to write that yourself.

The best advice I have is to look at the AOP base support classes:

http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/aop/

and the Spring AOPAlliance implementations:

http://svn.apache.org/viewvc/incubator/shiro/trunk/support/spring/src/main/java/org/apache/shiro/spring/security/interceptor/

and see if they give you any ideas as you try to write AspectJ-specific
versions.

Regards,

Les

On Mon, Jun 29, 2009 at 11:27 AM, mksong <hiizzgi@gmail.com> wrote:

>
> Hello, Les
>
> I think it looks like you’re saying that JSecurity can do
> bytecode engineering by means of AspectJ.
> Is it right? If it is true, that is what I try to search.
> If you could send me a small example using annotation for
> adding the security functionality, I’d very much appreciate it.
>
> Thank you so much for your reply.
> Myoungkyu
>
>
>
>
> Les Hazlewood-2 wrote:
> >
> > The closest thing Shiro might get to bytecode enhancement might be due to an
> > AOP framework that you use that modifies bytecode - but this is a choice you
> > make and is not a requirement of the framework.
> >
> > For example, Shiro has code annotations @RequiresRole,
> > @RequiresAuthentication, etc, with which you can annotate code.  If the AOP
> > framework configured to support Shiro uses bytecode manipulation, then
> > obviously bytecode changes could enforce the annotations.
> >
> > But this is a factor of the AOP mechanisms you use and is not controlled by
> > Shiro directly.  AspectJ for example can perform build time or runtime
> > bytecode manipulation to support Shiro annotations, but AOPAlliance might
> > use JDK-provided Proxying mechanisms at runtime and no bytecode
> > manipulation.
> >
> > Ultimately though you need to specify somehow how the security framework is
> > supposed to execute - either via a Servlet Filter or code @Annotations or
> > text-based configuration, or some other mechanism.  The developer needs to
> > direct the way the security framework behaves.
> >
> > So if you desire bytecode enhancement, then yes, you can have it as long as
> > you use something like, say, AspectJ to perform the bytecode manipulation
> > which would discover and enforce the Shiro annotations.  This is done by
> > writing Advice that calls the Subject API to perform security checks, and
> > that Advice is 'weaved' by AspectJ.  Shiro does not currently have any
> > AspectJ-specific Advice written - you'd have to do it yourself, but you
> > could look at the classes in org.apache.shiro.aop.* for ideas.
> >
> > Regards,
> >
> > Les
> >
> > On Sun, Jun 28, 2009 at 8:50 PM, mksong <hiizzgi@gmail.com> wrote:
> >
> >>
> >> Hello, Manoj
> >>
> >> I am searching for a framework which changes the bytecode directly,
> >> without modifying source code. As you know, this is bytecode
> >> engineering or enhancement. Based on this idea, I thought JSecurity
> >> modified bytecode in order to support a security functionality
> >> relieving a programmer from the burden of having to implement
> >> important security concerns by hand.
> >>
> >> So, is the method of supporting the security functionality a type
> >> of API at JSecurity (or Apache Ki)?
> >>
> >> Myoungkyu
> >>
> >>
> >>
> >>
> >> Manoj Khangaonkar wrote:
> >> >
> >> > Hi Myoungkyu,
> >> >
> >> > Just curious, what kind of security policies are you interested in?
> >> > Can you give an example?
> >> >
> >> > Authorization policies (role based or other) that Shiro supports
> >> > do not necessarily require any byte code manipulation.
> >> >
> >> > thanks
> >> >
> >> > Manoj
> >> >
> >> > On 6/28/09, mksong <hiizzgi@gmail.com> wrote:
> >> >>
> >> >> Thanks for your reply.
> >> >>
> >> >> For example, Hibernate does not perform any bytecode
> >> >> manipulation on its own, but it uses a proxying library that
> >> >> creates proxies at the bytecode level.
> >> >>
> >> >> If you do not manipulate bytecode,
> >> >> how do you enforce security policies then?
> >> >>
> >> >> Regards,
> >> >> Myoungkyu
> >> >>
> >> >>
> >> >>
> >> >> Les Hazlewood-2 wrote:
> >> >>>
> >> >>> Hiya,
> >> >>>
> >> >>> The project (now named Shiro) does not perform bytecode manipulation of
> >> >>> any sort.
> >> >>>
> >> >>> Regards,
> >> >>>
> >> >>> Les
> >> >>>
> >> >>> On Sat, Jun 27, 2009 at 11:26 PM, mksong <hiizzgi@gmail.com> wrote:
> >> >>>
> >> >>>>
> >> >>>> Hello, All
> >> >>>>
> >> >>>> I am carrying out an experiment on JSecurity's bytecode engineering.
> >> >>>>
> >> >>>> I tested JSecurity to see if the framework would generate any
> >> >>>> bytecode related to security or add anything to the existing ones.
> >> >>>>
> >> >>>> With the attached log file, I am not sure if JSecurity does bytecode
> >> >>>> engineering or not.
> >> >>>> (Here are the log file at loading time and the slide file explaining what
> >> >>>> I did:
> >> >>>> http://people.cs.vt.edu/~mksong/jsecurity/
> >> >>>> http://people.cs.vt.edu/~mksong/jsecurity/)
> >> >>>>
> >> >>>> Is it true?
> >> >>>>
> >> >>>> --
> >> >>>> View this message in context:
> >> >>>> http://n2.nabble.com/About-JSecurity%27s-bytecode-engineering-tp3168851p3168851.html
> >> >>>> Sent from the Shiro User mailing list archive at Nabble.com.
> >> >>>>
> >> >>>>
> >> >>>
> >> >>>
> >> >>
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >>
> >
> >
>
>
>
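
Added example, not part of the original message and not Shiro project code: a minimal annotation-style AspectJ aspect of the kind described above, where woven advice calls the Subject API before an annotated method runs. The package and class names are hypothetical, and the annotation signatures assume Shiro 1.1 or later (@RequiresRoles with a String[] value) with the AspectJ runtime on the classpath.

```java
package example.security; // hypothetical package name

import java.util.Arrays;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;

/**
 * Hypothetical aspect. Weave it with ajc at build time or with the
 * AspectJ load-time weaver; either way the check is compiled into the
 * bytecode of every matched method, so callers cannot skip it by
 * bypassing a proxy.
 */
@Aspect
public class ShiroAnnotationEnforcementAspect {

    // Matches methods annotated with @RequiresAuthentication, and all
    // methods of classes that carry the annotation at type level.
    @Before("execution(* *(..)) && "
          + "(@annotation(org.apache.shiro.authz.annotation.RequiresAuthentication)"
          + " || @within(org.apache.shiro.authz.annotation.RequiresAuthentication))")
    public void enforceAuthentication() {
        Subject subject = SecurityUtils.getSubject();
        if (!subject.isAuthenticated()) {
            // Fail closed: the annotated method body never executes.
            throw new UnauthenticatedException(
                "Caller must be authenticated to invoke this method");
        }
    }

    // Binds the method-level annotation instance so the advice can read
    // the declared role names. Roles declared only at class level are
    // not covered here and would need a separate @within(...) advice.
    @Before("execution(* *(..)) && @annotation(requiresRoles)")
    public void enforceRoles(RequiresRoles requiresRoles) {
        Subject subject = SecurityUtils.getSubject();
        // Throws an AuthorizationException unless the Subject holds
        // every listed role.
        subject.checkRoles(Arrays.asList(requiresRoles.value()));
    }
}
```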
