Aspect pointcut to match Annotation property - spring

I'm trying to use Spring AOP with AspectJ support to weave methods with a certain annotation. I know it's easy to do so by using a pointcut #annotation(classname)
But I need to create weavers based on properties of the annotation. The annotation in question is Spring's #RequestMapping, and I need to check the method property of it.
I know I could access it inside the body of the advice, but what I really would like is to create one advice per matched annotation.
Is this possible?

There doesn't seem to be a way to do it, but you can check the parameters of the annotation immediately on entry and immediately pass it on if they're not satisfied.
#Around("execution(public * *(..)) && #annotation(reqMap)")
public Object myMethod(ProceedingJoinPoint pjp, RequestMapping reqMap)
throws Throwable {
if (notRightPropertyValue(reqMap))
return pjp.proceed();
// Do your stuff here
}
If this is too inelegant, consider inventing an extra annotation to mark just the methods that you're really interested in.

Related

AspectJ pointcut on method in Spring CrudRepository

I'm using Spring's CrudRepository in combination with the annotation #RepositoryRestResource to implement a simple CRUD-app that can be used throught a RESTful API. I now want to add an AspectJ pointcut on my repository, so that some functionalities will be executed whenever a CRUD-method from the interface is called.
First, I extend Spring's CrudRepository to add some custom functionalities in my own interface:
#RepositoryRestResource(collectionResourceRel = "customers", path = "customers")
public interface CustomerRestRepository extends CrudRepository<Customer, Integer>{
Customer findOneByGuid(#Param("customerGuid") String customerGuid);
//Other custom methods.
}
Everything is working fine and I'm able to call this method via my REST client. I do not have to implement the interface CustomerRestRepository since Spring is doing the job as a miracle in behind. This is one of the crucial advantages of extending Springs's CrudRepository.
The problem, I'm facing now, is to add an AspectJ pointcut on this custom method findOneByGuid() that will, for example, log every call of the method after it's execution.
What I've tried by so far is:
#Aspect
public aspect AfterCustomerCrudAspect {
#Pointcut(
"execution(* com.x.y.z.CustomerRestRepository.findOneByGuid(..))")
public void customerCrudMethod() {}
#AfterReturning("customerCrudMethod()")
public void doSomething() {
//Do something
}
}
I've also tried:
1) execution(* com.x.y.z.CustomerRestRepository+.findOneByGuid(..))
2) execution(* org.springframework.data.repository.Repository+.*(..))
3) within(com.x.y.z.CustomerRestRepository)
4) annotation(RepositoryRestResource)
...and many others I do not remember. All with the same frustrating result: The advice is never applied.
By the way, I do not face any exceptions and if I try execution(* *.*(..)), the advice is working well - but, of course, not limited to the method findOneByGuid(). Thus, I think my code is correct in general.
I know that it is not possible to set pointcuts on interfaces. But since I do not have to implement the interface CustomerRestRepository by my own to get things working, I need to find a way to set a pointcut on an interface's method - or to find some other solution.
Well, one possible solution to that would be to implement the interface CustomerRestRepository. But then I've to do all the implementation work for the repository by my own and skip using the advantages of Spring's CrudRepository.
Thus, my question is, if there is a possibility to set a AspectJ pointcut on methods in a Spring CrudRepository.
Many thanks in advance for all the answers.
Well, I solved my problem in a different way.
Sometimes, things are less complicated than expected. Adding an AspectJ pointcut on a Spring CRUD-repository to execute some functionalities, whenever an entity is changed was not the best idea. (And at the best of my knowledge, it is not possible at all.)
There is a much more easier way to implement my requirement: The package javax.persistence provides the annotation #EntityListeners that suites perfectly to this job. So, annotate the entity class with the listener and implement the needed functionalities within the listener class:
#Entity
#EntityListeners(CustomerEntityListener.class)
//#Table, #NamedQueries and other stuff ...
public class Customer implements Serializable {
...
}
Implementation of the EntityListener:
public class CustomerEntityListener {
#PostPersist
public void customerPostPersist(Customer customer) {
//Add functionalities
}
}
The EntityListeneralso provides annotation for #PostUpdate, #PostRemove and so on - visit this site for more information.

Spring AOP Exclude Some Classes

I'm using Spring AspectJ for logging method execution statistics, however, I want to exclude some classes and methods from this without changing the pointcut expression.
To exclude certain methods I created a custom annotation which I use to filter out. However I'm unable to do the same with classes.
Here is my aspect definition -
#Around("execution(* com.foo.bar.web.controller.*.*(..)) "
+ "&& !#annotation(com.foo.bar.util.NoLogging)")
public Object log(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
// logging logic here
}
NoLogging is my custom annotation for excluding methods.
So how can I filter out certain classes without changing pointcut expression and without adding new advisors?
Okay so I found the solution - use #target PCD (pointcut designators) to filter out classes with specific annotation. In this case I already have the #NoLogging annotation so I can use that. The updated pointcut expression will then become as follows -
#Around("execution(* com.foo.bar.web.controller.*.*(..)) "
+ "&& !#annotation(com.foo.bar.util.NoLogging)"
+ "&& !#target(com.foo.bar.util.NoLogging)")
public Object log(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
// logging logic here
}
Explanation -
execution(* com.foo.bar.web.controller.*.*(..)) - all methods of all classes in c.f.b.w.controller package
"&& !#annotation(com.foo.bar.util.NoLogging)" - which do NOT have #NoLogging annotation on them
"&& !#target(com.foo.bar.util.NoLogging)" - and whose class also does NOT have #NoLogging annotation.
So now I simply have to add #NoLogging annotation to any class whose methods I want to be excluded from the aspect.
More PCD can be found in Spring AOP documentation - http://docs.spring.io/spring/docs/current/spring-framework-reference/html/aop.html#aop-pointcuts-designators
As per Spring AOP documentation
PCD can be &&'ed, ||'ed, and ! (negated) too.
So I guess this is more of trial and error exercise. I think you can try something like && !#within #within is applicable for types. Or you can try !#target
But then again I think it could be tricky.
Another approach: declare two pointcut definitions and combine them. And example, here on the documentation page. I would try this first. Something like
#Pointcut(executionPC() && nonAnnotatedClassesPC() && nonAnnotatedMethodsPC())
Disclaimer: As I said, this looks more like trial and error. And I don't have a clear working example.

Before pointcut on HttpServletResponse sendRedirect compiling but not firing

I'm currently trying to add a pointcut around calls to HttpServletResponse.sendRedirect (api doc http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html) using aspectj and spring aop. The code for the class and pointcut are as follows:
#Aspect
#Log4j
class ExampleAspect {
#Before("execution(* javax.servlet.http.HttpServletResponse.sendRedirect(..))")
void logRedirectBeforeSending() {
log.warn('holy cow batman, its a redirect!')
}
}
Currently although the above code compiles it doesn't actually ever execute (as evidenced by a lack of warn output in the log and debug breakpoints in the advice code never being hit).
Although I've omitted them here just for the sake of simplicity the aspect contains other pointcuts which do correctly fire so I have ruled out aspect configuration as a potential cause (which is why I am not including my spring bean configuration).
Further, I have double checked via debugging that a class which implements HttpServletResponse.sendRedirect() is being called when I'm testing my pointcut (if it helps, one of the implementing classes being called is org.apache.catalina.connector.Response https://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/connector/Response.html).
Is there something I'm missing in my pointcut definition that's required when defining a pointcut around an interface? Best I could tell from the Spring AOP documentation it shouldn't require any special syntax.
I've been playing around with variations in the pointcut definition but haven't had any luck yet.
All in all I'm stumped, any ideas?
I expect that your response object is not coming from the Spring application context and as such it would not be subject to your aspect.
It doesn't matter that the call is being initiated from a Spring bean. It matters that the call is being invoked on a Spring bean. If you for example wrote a point cut to be applied to the append method in StringBuffer and then you did something like new StringBuffer().append('something'), your point cut would not be applied because the StringBuffer that you are interacting with is not a Spring bean. I don't know how your app is put together but unless your response is coming out of the Spring context, I don't expect your point cut to be applied.

Load-Time-Weaving differences between aspectj-weaver and spring-weaver

I am having some strange problems using spring and Load-Time-Weaving using AspectJ.
In one of my Apsects, I wanted to react on invocations of the "doAuthentication" Method of the class org.springframework.flex.security3.SpringSecurityLoginCommand. Therefore I created a method:
#Around("execution(* org.springframework.flex.security3.SpringSecurityLoginCommand.doAuthentication(..))")
public Object aroundDoAuthentication(ProceedingJoinPoint pjp) throws Throwable {
...
This aspect is woven correctly if I use the aspectj-weaver agent, but is ignored if I use the spring-weaver. Unfortunately I have to use the spring-weaver, if I want correct aspect-spring integration. The only way I found out to get my aspect woven is to weave it around every method of the target class and to programatically filter the aspect calls:
#Around("execution(* org.springframework.flex.security3.SpringSecurityLoginCommand.*(..))")
public Object aroundDoAuthentication(ProceedingJoinPoint pjp) throws Throwable {
final String methodName = pjp.getSignature().getName();
if("doAuthentication".equals(methodName)) {
...
Using the above code, I managed to weave everythgin correctly, but I am not sattisfied with this as it seems to be a big hack to me.
Could anyone please explain why using the Spring-Weaver I am not able to weave the same as with the aspectj-weaver?
Chris
I don't know the code, but this seams to be the same old question.
Spring AOP is per default proxy based.
This means only invocations of methods that come from outside of the bean go though the proxy. Therefore only this invocation can trigger the AOP advice.

Can I inject code in spring using AOP annotations?

Is it possible to do something like the following:
public void doStuff(#RequirePrivilege("foo") User user) {
// ...
}
and have it effectively run as if it were the following?
public void doStuff(User user) {
if(!user.hasPrivilege("foo"))
throw new UserHasInsufficientPrivileges(); // this is a RuntimeException
// ...
}
I know that Spring has various sorts of AOP support, but the best I could find was AOP code which was annotated so that it would execute before or after a specific method. I want to do the inverse and annotate the code that should be changed.
Ultimately I could just do the above check inside the method, but the annotation way of doing things provides additional documentation which makes it obvious that the user requires a particular privilege without having to keep the documentation in sync with the code.
You can look at using AspectJ for doing this, as it will match on annotations. You can then use an around aspect to decide if the user meets the requirements to use this method.
Spring allows you to use AspectJ, and I would suggest that if possible you not do this at run-time, but at compile-time, as there is no reason to pay the price for using this aspect whenever you start the application. But, if you must do it at run-time then that is doable, to me I try to use compile-time as much as possible.
You may want to look at AspectJ In Action (http://www.manning.com/laddad2/) but here is an example from there:
Signature pattern:
* *(#RequestParam
(#Sensitive *))
Description
*Any method with one parameter marked with the #RequestParam annotations and the parameter’s type is marked with the #Sensitive annotation.*
Example
void create(#RequestParam
MedicalRecord mr), assuming
MedicalRecord carries the
#Sensitive annotation.
I'm certain that your "insufficient privileges" example can be done with Spring AOP, because that's how Spring Security works. You can do some very sophisticated things with around advice and AspectJ.

Resources