tags:

views:

181

answers:

1
+1  Q: 

Spring security annotations with EL -- requires debug information compiled in?

I am considering using Spring Security annotations for my application, with the EL (expression language) feature. For example:

@PreAuthorize("hasPermission(#contact, 'admin')")
public void deletePermission(Contact contact, Sid recipient, Permission permission);

I need the EL capability because I have built my own ACL implementation. However, to use this capability with the "#contact" type arguments, the Spring documentation says this:

You can access any of the method arguments by name as expression variables, provided your code has debug information compiled in.

This begs two questions:

  1. It is acceptable to have a production application commercially distributed with debug info in it?
  2. If not, is there any way around this?

Thanks for any guidance on this!

+2  A: 

As a workaround you can implement a custom ParameterNameDiscoverer with your own strategy. Here is an example which produces simple numbered names (arg0, etc):

public class SimpleParameterNameDiscoverer implements
        ParameterNameDiscoverer {

    public String[] getParameterNames(Method m) {
        return  getParameterNames(m.getParameterTypes().length);        
    }

    public String[] getParameterNames(Constructor c) {
        return getParameterNames(c.getParameterTypes().length);        
    }

    protected String[] getParameterNames(int length) {
        String[] names = new String[length];

        for (int i = 0; i < length; i++)
            names[i] = "arg" + i;

        return names;
    }
}

And configuration:

<global-method-security ...>
    <expression-handler ref = "methodSecurityExpressionHandler" />
</global-method-security>

<beans:bean id = "methodSecurityExpressionHandler" 
    class = "org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
    <beans:property name = "parameterNameDiscoverer">
        <beans:bean class = "foo.bar.SimpleParameterNameDiscoverer" />
    </beans:property>
</beans:bean>
axtavt  2010-05-25 15:10:24
This is great stuff. I did not know about this interface. Based on this implementation I guess I would refer to the arguments by number in the annotation:@PreAuthorize("hasPermission(#arg0, 'admin')")To be honest -- I think this is fine for my purposes. How do you feel about have debug info in distributed JARs?
HDave  2010-05-26 02:02:21
@HDave: I can't say anything about debug info in distributed code, personally, I dislike debug-info-dependent things because it makes behaviour of the code dependent on compiler options.
axtavt  2010-05-26 11:06:56

related questions

How can I set breakpoints in an external JS script in Firebug
How to remove debug statements from production code in Java
How to make the process of debugging ASP.NET Sharepoint applications less time consuming?
Visual Studio 2008 debugging issue...
Attaching to a foreign executable in Visual C++ 2003
Remote debugging accross domains
.NET Compiler -- DEBUG vs. RELEASE
How do I change the locations of source files in a symbols file (pdb)
Remote Debugging PHP Command Line Scripts with Zend?
Debugging asp.net with firefox and visual studio.net - very slow compared to IE
TCL development: debug environment
Standalone tools for debugging stored procedures
How do you configure VS2008 to only open one webserver in a solution with multiple projects?
Getting the subversion repository number into code...
In Visual Studio you must be a member of Debug Users or Administrators to start debugging. What if you are but it doesn't work?
IL level code debugger
MSVC6: Breakpoint stops program - WTF?
How do I debug Javascript in Visual Studio 2005?
Firebug for IE
I can't get my debugger to stop breaking on first-chance exceptions
Debugging: IE6 + SSL + AJAX + post form = 404 error
Best Debugging Tools for JavaScript/xulrunner Development
Visual Studio 2008 debugger already attached work-around
Heap corruption under Win32; how to locate?
How do you debug PHP scripts?