"We're building a CMS using AOP too, and we used the same ideas for
composition of objects (i.e. the base object does nothing). We handle
security exactly like Jon said in the first comment, i.e. using a
servlet filter to set a threadlocal. The aspect delegates the actual
security computation to a service, so it's easy to use explicitly as
well, but that's just implementation details." - Rickard

My first and abrupt thought was "oh my god, THE Rickard
Öberg talked to me", and then the left side of the brain took over,
stopped my ass-kissing cheer-leading impulses and paid attention to
what the man says. Yeah, sorry about that, I shouldn't be blogging
what's going on in my head with so many uninteresting details. Back to
what the man says, shall we? :)

Awesome, a Servlet Filter...perfect place to set a static ThreadLocal
with the user credentials. I was already trying to mess around with
ThreadLocals (never needed to use them before - yes, my job was that
boring :), and everything was coming along in my head, but I was trying
to set up just a simple WebWork action, and it'd be quite messy (others
might be a little more extreme and call it just plain wrong...) to
create an ActionSupport subclass and extend that subclass on all of my
actions. Now the whole puzzle fits together like a charm. Thanks again,
guys, you've made my week :D
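
The filter-plus-ThreadLocal arrangement described above, sketched as an added example (not code from this post, from Rickard, or from his CMS). The names CurrentUser, SecurityService and CurrentUserFilter are hypothetical, and it assumes the container has already authenticated the request so that getUserPrincipal() stands in for "user credentials".

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;

// Hypothetical holder: one static ThreadLocal carrying the caller of the current request.
final class CurrentUser {
    private static final ThreadLocal<Principal> HOLDER = new ThreadLocal<>();
    private CurrentUser() {}
    static void set(Principal p) { HOLDER.set(p); }
    static Principal get() { return HOLDER.get(); }
    static void clear() { HOLDER.remove(); }
}

// Hypothetical service that an aspect (or explicit code) delegates the decision to.
final class SecurityService {
    private SecurityService() {}
    static void requireUser() {
        // Fail closed: a thread with no bound user is treated as unauthorized.
        if (CurrentUser.get() == null) {
            throw new SecurityException("no authenticated user bound to this thread");
        }
    }
}

public class CurrentUserFilter implements Filter {
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Assumption: HTTP requests only; getUserPrincipal() is null when unauthenticated.
        Principal user = ((HttpServletRequest) req).getUserPrincipal();
        CurrentUser.set(user);
        try {
            chain.doFilter(req, res);
        } finally {
            // Container threads are pooled: without this, the next request served
            // by the same thread would inherit this user's identity.
            CurrentUser.clear();
        }
    }
}
```

The identity is visible only on the request thread, so work handed to another thread or executor sees no user unless it is passed along explicitly.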