Aspectj and spring security aspects - order of advice execution

Question

I'm using spring-security 3.2.4.RELEASE , spring-security-aspects 3.2.4.RELEASE, AspectJ maven plugin version 1.6, Java 7.

I using AspectJ's weaving and not SpringAOP, therefore my aspectj maven plugin looks like this:

           <plugin>
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>aspectj-maven-plugin</artifactId>
                <version>1.6</version>
                <executions>
                    <execution>                     
                    <goals>
                        <goal>compile</goal>
                        <goal>test-compile</goal>
                    </goals>
                    </execution>
                </executions>
                <configuration>
                    <Xlint>ignore</Xlint>
                    <showWeaveInfo>true</showWeaveInfo>
                    <source>${java.version}</source>
                    <target>${java.version}</target>
                    <complianceLevel>${org.aspectj-version}</complianceLevel>
                    <aspectLibraries>
                        <aspectLibrary>
                            <groupId>org.springframework.security</groupId>
                            <artifactId>spring-security-aspects</artifactId>
                        </aspectLibrary>
                    </aspectLibraries>
          </plugin>

I have another aspect that looks like this:

package com.mycompany.fw.app.config;

import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.DeclarePrecedence;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.core.ParameterNameDiscoverer;
import org.springframework.security.core.parameters.DefaultSecurityParameterNameDiscoverer;

import com.mycompany.fw.security.Integration;

@Aspect
@DeclarePrecedence("IntegrationAspects*,*")
public class IntegrationAspects {

    ParameterNameDiscoverer parameterNameDiscoverer = new DefaultSecurityParameterNameDiscoverer();

    @Pointcut("(execution(* com.mycompany..*(..))) && @annotation(integrate) ")
    public void integratePointCut(Integration integrate) {

    }

    /**
     * TODO: cache
     * 
     * @param jp
     * @param integrate
     * @throws Throwable
     */
    @Around("integratePointCut(integrate)")
    public Object integrate(final ProceedingJoinPoint pjp, Integration integrate) throws Throwable {
        Object res = pjp.proceed();
        return res;
    }

}

What I need is to put the above (integration aspect) to be the first before any other aspect (including Spring's security aspect) As you can see I tried it with @DeclarePrecedence (I also tried it with declare precedence : IntegrationAspects*,* as well in an .aj file), unfortunately, without success.

Can someone instruct me how to define the aspects invocation order?

score 4 · Accepted Answer · answered Sep 08 '14 at 09:00

4

The problem is that you do not use the plain aspect name IntegrationAspects in @DeclarePrecedence, but a joker character *. In this case you need to use a fully qualified class name or jokers creating same.

Does not work:

@DeclarePrecedence("IntegrationAspects*, *")

Works:

@DeclarePrecedence("IntegrationAspects, *")

@DeclarePrecedence("com.mycompany.fw.security.Integration.IntegrationAspects, *")

@DeclarePrecedence("com.mycompany.fw.security.Integration.IntegrationAspects*, *")

@DeclarePrecedence("*..IntegrationAspects*, *")

And so forth. By the way, using upper-case package names and plurals in class names looks really ugly.

I am an AspectJ expert, not a Spring user, so I cannot tell you if declaring precedence will also affect Spring-provided aspects. It might also depend on whether they are implemented using native AspectJ or Spring-AOP (proxy-based "AOP lite").

answered Sep 08 '14 at 09:00

kriegaex

63,017
15
111
202

Thanks for your answer.I'm not using Spring-AOP but pure AspectJ (althought some of the aspects are written by the Spring guys) Are you aware to a limitation on combining aspects from *.aj files and *.java files in the @DeclarePrecedence annotation? To be more specific, you can look at the org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect which is an *.aj file, I'm trying to add an aspect that will be invoked prior to the securedMethodExecution aspect – Modi Sep 09 '14 at 10:56
Well, I could not know that you are using native AspectJ because you tagged the question also with *spring-aop*, and the syntax would have been the same anyway. Does my answer solve your problem? You have not mentioned anything about that. Your subtle syntax error keeps it from working in my own test project, my alternatives do work, though. – kriegaex Sep 09 '14 at 11:15
Another observation that I noticed is when I'm adding my own aspects , the order that I defined is applied but when I add the AnnotationSecurityAspect.aj to the order, nothing works as I expect, even the order that worked correctly before – Modi Sep 09 '14 at 11:16
You are right, they do work, but still when I add the AnnotationSecurityAspect, no order is applied. – Modi Sep 09 '14 at 11:17
`AnnotationSecurityAspect` is part of the Spring framework. I do not know how it is woven into the code and if it uses the same weaver instance as the one used for your own aspects. Can you provide me as a Spring noob with a Git(Hub) repository containing a ready-to-run project reproducing the problem? Optimally with a Maven build? – kriegaex Sep 09 '14 at 11:23
OK @Kreig,, while creating the sample project, I created it with some newer versions of libraries (AspectJ and Spring) and it works great now. If you still like, I can share the sample project via Github. Anyway, thank you so mach for your time and effort. – Modi Sep 09 '14 at 15:12
Yeah, sometimes it is a good strategy to start with a clean slate and then recapitulate the steps necessary to get where you want to. If it is not too much work for you and you have the repo ready to be pushed to GitHub, I would like to take a quick look. Otherwise, also fine. :-) – kriegaex Sep 09 '14 at 18:22
You can find the project here: https://github.com/MordechaiTamam/Spring-Security-based-on-AspectJ-and-addtional-ordered-aspects- – Modi Sep 10 '14 at 04:53
Yes, it works nicely. I was just a bit confused because you have two ordering aspects in the repo, one in native AspectJ syntax and one in annotation style. And BTW, compilation fails when running Maven under Java 8 because of [this problem](https://jira.codehaus.org/browse/MASPECTJ-131) in AspectJ Maven Plugin. It will be resolved in plugin version 1.7. When I run Maven under Java 7 it works. – kriegaex Sep 10 '14 at 08:54
Another solution for me was upgrading AspectJ to 1.8.2, then it also works when Maven runs under Java 8. – kriegaex Sep 10 '14 at 09:09

Aspectj and spring security aspects - order of advice execution

1 Answers1