I wrote the previous posting without referring to DWR-Guice integration but in practice I extended org.directwebremoting.guice.AbstractDwrModule, not com.google.inject.AbstractModule.
For DWR-Guice users, the nice thing about injectable method interceptors is that you can use them to replace most uses of AjaxFilter, which is a good thing because the AjaxFilter support in the DWR-Guice stuff is weak (mea culpa).
I had to write some support utilities to get the right effect, but now I can do something like this:
bindInterceptor(and AuthenticationInterceptor is injected, so that it can look like
subclassesOf(VulnerableService.class), // class matcher
declaredBy(VulnerableService.class), // method matcher
// prevent nested interception
outermostCall(new AuthenticationInterceptor()),
outermostCall(new AuthorizationInterceptor())
);
this:
class AuthenticationInterceptorThe subclassesOf matcher is part of Guice. The declaredBy matcher and the outermostCall interceptor decorator are custom implementations that I'll describe in a later posting.
implements MethodInterceptor {
@Inject Provider<RequestParameters> reqParmsProvider;
@Inject Provider<AuthenticationService> authSvcProvider;
public Object invoke(MethodInvocation invocation)
throws Throwable {
RequestParameters reqParms = reqParmsProvider.get();
AuthenticationService authSvc = authSvcProvider.get();
if (authSvc.authenticate(reqParms))
return invocation.proceed();
else
throw new AuthenticationException(reqParms);
}
}
No comments:
Post a Comment