Our testsuite has tests for security, so it definitely works :-)
Try the injboss tutorial example, to make sure you have got everything set up correctly. In the AOP distribution it is in docs/aspect-framework/examples/injboss/
I'm havinga look at the example now. Thanks for the advice.
Where can I find the tests in your testsuite ?
Ok. The plot thickens. Now I can't get your examples working either.
The file docs/aspect-framework/misc/running_jboss.html
is missing from the download (jboss-aop_1.3.4) so I cannot figure out what I am doing wrong. Under the AOP menu in the web-console all the deployments are shown as "unbound".
What I have doen is follow the documentation here http://docs.jboss.com/aop/1.3/aspect-framework/reference/en/html/running.html#jboss
and here http://wiki.jboss.org/wiki/Wiki.jsp?page=AOPSecurity to the letter.
Anyone else either had this trouble OR got this working ?
We have two sets of tests
in the main aop/aspects project folder under src/tests
if you check out jboss-head or the 4.0 branch they are under testsuite/ The source files are under src/main/org/jboss/aop and src/jdk15/org/jboss/aop (if you use Java 5 these files will overwrite the ones in src/main). Note that the testsuite itself does not use any special classloading techinques. It uses a deprecated technique of hooking into the RepositoryClassLoader via the Transformer interface.
The security tests are in the main testssuite
You need to enable weaving as per sections 10.3.2 or 10.3.3 depending on your JDK
(The dist contains a newer copy of this guide)
There are a few threads on this forum already where people have asked for this.
I'll start again and follow all the steps again as I must have missed something. I have started going back and checking thorugh this forum too.
When I figure out what I have done wrong I'll let you know.
Ok...I didn't read the jboss-service.xml comments in the jboss-aop-jdk50.deployer/META-INF dir. To enable load time weaving I also had to change the mbean code attribute to org.jboss.aop.deployment.AspectManagerServiceJDK5.
Thanks for all your help.
Now that I have the general issue of running AOP in jbiss solved I stil have the specific problem of the AOPSecurity aspects.
The user principal obtained by the AuthenticationInterceptor is always "null". How do I associate a principal/credential with a call so that the security aspects can use them ?
The easiest and naughtiest way of doing it is to set
org.jboss.security.SecurityAssociationSecurityAssociation.setPrincipal(new SimplePrincipal("somebody")); org.jboss.security.SecurityAssociationSecurityAssociation.setCredential("password".toCharArray() );
This is done by org.jboss.test.aop.bean.SecurityTester in the testsuite. Note that SecurityAssociation is considered an internal API. The proper way for a standalone client is to use the ClientLoginModule http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch8.chapter.html#d0e19522
In the case of integrated tomcat/jboss security information should be propagated automatically from the web layer (again using the SecurityAssociation).
If this doesn't work, describe your setup in a bit more detail.
Doh! Yes I have been testing with web security "switched off".
Thanks for the cheeky hack for testing.
Many thanks again for all your help to get me this far,