Spring @Transactional v Spring Security @Secured inconsistent behavior

The Spring documentation recommends putting the @Transactional annotation on the concrete class / method, rather than on an interface. The reason for this is covered by multiple Stack Overflow questions, for example:

Where should I put the @Transactional annotation: in the interface definition or in the implementing class?

Spring Security @Secured behavior is different; most of the documentation shows the annotation placed on the interface. Actually, it seems to work whether you annotate the interface or the concrete class, and regardless of whether you use JDK or CGLib proxies.

This seems like an excellent solution. So why the inconsistency? One answer to the aforementioned question suggests a performance impact... but, of course, performance is just as important for security?!

And how does @Secured solve the problem of diamond inheritance (the class implements 2 interfaces, and both apply @Secured to the same method in different ways)?

1 answer

With both JDK proxies and CGLib, you end up with a TransactionInterceptor for @Transactional and a MethodSecurityInterceptor for @Secured.

But these two MethodInterceptors use different mechanisms to look up annotations for a given MethodInvocation.

The @Secured annotation is found by SecuredAnnotationSecurityMetadataSource using AnnotationUtils.findAnnotation(Method method, Class<A> annotationType), and @Transactional is detected by AnnotationTransactionAttributeSource using SpringTransactionAnnotationParser.

AnnotationUtils seems to have much more advanced annotation lookup mechanisms, traversing both the interfaces and the method's declaring class hierarchy.

You can create your own TransactionAnnotationParser that uses AnnotationUtils, and this should enable the same functionality for @Transactional.

AnnotationUtils returns the first annotation found, so inheritance is handled with it.

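The diamond case from the question, as an added example that is not part of the original post and is not Spring's code: a declared-method-only lookup beside a first-match lookup over the type hierarchy. The nested `Secured` annotation is a stand-in for Spring Security's so the file compiles without Spring; `Audit`, `Admin`, `ReportService` and both lookup helpers are hypothetical, and the traversal order is this example's own assumption, not a statement of Spring's exact order.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;

public class SecuredLookupDemo {
    // Stand-in for Spring Security's @Secured (assumption: same shape, one String[] value).
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Secured { String[] value(); }

    interface Audit { @Secured("ROLE_AUDITOR") void export(); }
    interface Admin { @Secured("ROLE_ADMIN")   void export(); }

    // Diamond: both interfaces secure export() differently; the class itself adds no annotation.
    static class ReportService implements Audit, Admin {
        public void export() { }
    }

    // Strategy 1: look only at the method object handed in (the concrete class's method).
    static Secured declaredOnly(Method m) {
        return m.getAnnotation(Secured.class);
    }

    // Strategy 2: the type's own method, then its interfaces, then its superclass; first hit wins.
    static Secured firstInHierarchy(Class<?> type, String name, Class<?>... params) {
        if (type == null) return null;
        try {
            Secured s = type.getDeclaredMethod(name, params).getAnnotation(Secured.class);
            if (s != null) return s;
        } catch (NoSuchMethodException ignored) { /* method not declared at this level */ }
        for (Class<?> itf : type.getInterfaces()) {   // order of the implements clause
            Secured s = firstInHierarchy(itf, name, params);
            if (s != null) return s;
        }
        return firstInHierarchy(type.getSuperclass(), name, params);
    }

    // The role a first-match lookup would enforce for export() on the given type.
    static String effectiveRole(Class<?> type) {
        Secured s = firstInHierarchy(type, "export");
        return s == null ? "<unsecured>" : s.value()[0];
    }

    public static void main(String[] args) throws Exception {
        Method impl = ReportService.class.getMethod("export");
        System.out.println("declared-only lookup: " + declaredOnly(impl));
        System.out.println("hierarchy lookup:     " + effectiveRole(ReportService.class));
    }
}
```

Because a first-match lookup stops at the first annotated declaration, the enforced role in this example follows the order of the `implements` clause; an explicit `@Secured` on the concrete method removes that dependence.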

Source: https://habr.com/ru/post/903431/

