We're using Spring Security to control access to some services. It is working fine for 95% of the classes. However, there are two classes where the security annotations are being ignored completely. The security interceptor is not in the list of interceptors for those two classes when the services are called at runtime.
As far as I can tell, there are no differences between these classes and others that work. The basic structure is the same, other annotations used are the same. Scanning the classpath for the annotations picks up the classes. Other classes in the same package work fine.
I'm not very experienced with Spring Security, so I was hoping that someone could point me in the direction of something that I may have overlooked.
If anyone else is interested, what was happening is that we had a circular injection reference between two classes. Class A had a reference to Class B which had a reference to Class A.
When Spring attempted to create the bean for class A, it encountered the circular reference and created an early bean reference for class A which was then proxied. However, the step to add the method pointcuts occurs after all this, so the class got proxied without the security interceptor.
Related
I have the following problem:
Under src/groovy I have class that is created in many parts of application (not like spring beans but in the runtime using new () operator)
I want to inject some grails services into all those instances, is it possible somehow without invoking constructor or setters?
Invoking constructors and setters are the only two ways to do dependency injection that I know of. You can use reflection and directly set the field value, but that eliminates any opportunity of having some logic execute when a dependency is injected.
Usually src/groovy (and src/java) classes are called directly or indirectly from an artifact (controller/service/taglib/etc.) that can use dependency injection, so it's often a simple matter of doing the DI there, and passing those Spring beans to the src/groovy classes in their constructors, via setters, or as arguments of the methods that use them.
Obviously if these classes were Spring beans there wouldn't be an issue, because Spring creates them and manages dependencies. But once you are working with a non-bean that has a bean dependency, you either have to do the work yourself, or look into an AOP-style solution, since you need to be notified somehow that there's a new instance that needs to be configured. I assume that this is doable, probably with AspectJ, but it'll probably be more work than it's worth, and add an extra layer of magic to further confuse new team members beyond the regular Grails and Groovy magic.
I am implementing a custom ASP.NET membership provider that operates based on the custom repository class that in turn uses an Entity Framework DbContext as a mean of accessing a data.
Since this is an ASP.NET MVC application, IoC container (Ninject) is set to resolve instances of my DbContext InRequestScope.
My user data tables are a part of the single main DbContext.
Repository class is also bound to instantiate in InRequestScope. But the repository class is created by to satisfy the need of the custom MembershipProvider, which can't be set to instantiate InRequestScope. As a result, whenever I am trying to access Role data via repository, I get DbContext is already disposed exception.
Has anyone set up a similar configuration and if so, what was implemented differently to overcome the problem I am having. Thanks.
A workaround that has allowed me to continue with the project development was to manually create an instance of DbContext in Membership Provider constructor, in contrast to have Ninject inject it.
Maybe someone eventually will come up with a better approach to this particular problem, please post it here and I will remark it as an answer instead of this workaround.
I am trying to set up a web application stack based upon JBoss AS7 for small-scale research prototypes and student projects that meets following requirements:
I want to use AJAX-related scopes such as ViewScope -- or possibly a (View)AccessScope as in MyFaces Orchestra -- for my managed beans, in conjunction with PrimeFaces components.
JPA-based persistence should be fairly straightforward, without having to deal with the OpenSessionInView pattern etc.. The main problem I am having with JPA2 is the dreaded LazyInitializationException, especially in AJAX calls. I do not require manual control over conversations.
I want to use as few dependencies as possible, thus mostly relying on what is shipped with JBoss AS7.
Right now, I have set up a project with the following (mostly provided) Maven dependencies:
CDI
hibernate-2.0-api
jboss-ejb-api_3.1_spec
jboss-jsf-api_2.1_spec
jboss-annotations-api_1.1_spec
PrimeFaces 3
This looks pretty slim so far. What is missing is support for further JSF-specific scopes, and that I always get a LazyInitializationException when iterating over collections within a JSF page. Right now, my service classes for persistence look like this:
import javax.ejb.Stateful;
import javax.enterprise.context.RequestScoped;
#Stateful #RequestScoped
public class TestEntityService implements Serializable {
#PersistenceContext(type=PersistenceContextType.EXTENDED)
private EntityManager entityManager;
// ... some methods working with the entityManager ...
}
And my ResourceFactory bean:
public class ResourceFactory {
#Produces #PersistenceUnit
private EntityManagerFactory entityManagerFactory;
}
I unsuccessfully tried combinations with #Named instead of #Stateful, or #SessionScoped instead of #RequestScoped. However, I found that adding the Seam 3 Persistence, Solder & Faces modules seems to cure most of my problems, but this adds a ton of new dependencies to my project (e.g. seam-security, prettyfaces, drools, joda-time and further dependencies).
My questions are:
Would EJBs be of any help w.r.t. the LazyInitializationException? Or am I actually already using EJBs here due to the #Stateful annotation? I took this from a jboss-as sample application, but I am utterly confused by the differences between all these #ManagedBean, #Named, #Stateful, #LocalBean annotations... all I know is that I somehow need to bind the lifespan of my entity managers to the scope of the service bean.
Does anybody know other easy ways of getting around this problem? Using EAGER fetching is not an option as this only seems to work if there is not more than one collection per entity...
I just read about Apache CODI, which seems to be the CDI successor of MyFaces Orchestra. Is this a better alternative to Seam Faces? As far as I can see, it offers a ViewScope and ViewAccessScope, but nothing with regard to transaction management.
It would be great if someone with more experience in this field could shed some light on this -- I am currently a bit confused because there are so many libraries out there dealing with similar issues, albeit most apparently not compatible with each other (see e.g. here). Thanks!
You're right. All of this is quite confusing. This confusion comes from JSF2 and CDI providing the same feature. As these two specifications needs to work without the other they have similare annotations for Scope and EL exposition. This blog post details these confusing areas and how to make the right choice. To make it short, when using CDI with JSF, always use CDI annotations, or annotations that CDI will control thru an extension (as javax.faces.ViewScoped when you have Seam Faces or CODI in your project)
To answer to your questions
You're already using EJB with #Stateful annotation. EJB won't help you directly with LazyInitializationException but they are more natural option to deal with transaction and database (you can't use #PersistenceContext annotation in a pojo CDI bean). Regarding the confusing annotations I already answered
I have good experience with Seam Persistence. This CDI extension creates a managed Entity Manager that lives in conversation and allow the use of transaction outside EJB (if you don't have a Java EE container). Using this Entity Manager reduces significantly Lazy Lodaing issues. It can be inject in a stateless EJB which manage your DAO thanks to CDI magic that allows injecting Bean of different scope. Used in conjonction of Seam Faces you'll get the support of JSF ViewScope for CDI and a transaction tied to JSF lifecycle
I don't have any experience with CODI which seems to bring useful functionalities like nested conversation.
In conclusion, be aware that Seam and CODI are in a merge process right now in Apache Delta Spike, so the solution you're about to build should be re-evaluated in the coming month to include Delta Spike in the equation.
Honestly, there is no "one-size-fits-all" for CDI. Seam3 works great, MyFaces CODI works great, it really depends on what you want. For your situation, honestly, it seems like the easiest thing to do would be to create your own ViewScoped extension for your project, or pull the necessary parts from Seam 3 or CODI.
I've started a new project and have been gradually building my service layer up using ninject and the unit of work pattern. I've come across a problem and am looking for some help.
I have a LicenceService that requires access to the UserService so the constructor is
public LicenceService(IRepository<Licence> licenceRepo, IUserService userService)
however I'm now in the situation where my UserService needs access to the LicenceService so the constructor would be
public UserService(IRepository<User> userRepo, ILicenceService licenceService)
I'm guessing by this point you can see my circular reference problem. As Imagine this is not an uncommon problem does anybody have any suitable solutions.
How about a third service to hold references to both and communicate between them?
That is to say that the third service would call both, for specific purposes, rather than one having to know about the other.
You can solve this with a factory or delegate, but really it's a design issue. See if you can factor out some code into a third class to remove the circular dependencies.
If I am working on a class library how do I make use of Ninject here? i.e., from the internal class library point of view and also from the client code?
For example:
should the class library have its own IOC set up, or should it always assume the client code will supply?
if no (ie it's up to the client to have the IOC in place) then where is the mapping data stored here'. Is this mapping of the class library's functionality to be placed in the client?
If the client doesn't have an IOC what happens? Should they specify an IOC?
If the client does have an IOC does your IOC need to interact with theirs?
I don't see a problem with 2 (or more) IOC's working independently in the same app. But if the IOC's are creating the same objects then they should be put together.