Hi,
First, thanks for posting this interesting article... I have a couple of questions and comments.
First, since each method needs to call the security blanket anyway, why not just pass the required roles into that method rather than have the annotation deal with it? Is it just so that the information is available in other contexts (i.e. for doc purposes)? I wonder how all this would perform with all the reflection going on, and the generation of stacktraces (which is expensive).
Which brings me to the stacktrace usage. I think a bug in this is that you should not rely on the stacktrace to always be accurate. Under heavy usage, code can be JIT'ed, at which point certain method names, etc. may not appear in the stack. To make sure this never happened, you would need to disable JIT, which could cause performance problems.
Using the stacktrace like that just doesn't seem like good practice to me...
Regards, Charles.
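The two designs the comment weighs, as an added example that is not Charles's code nor the article's "security blanket": an explicit `require(principal, roles)` call that the protected method invokes with its own role list, beside a declarative `@RequiresRoles` variant whose policy is resolved from an explicit `Method` reference supplied by the callee rather than recovered from a stack trace. Every name here (`RoleCheckExample`, `RequiresRoles`, `Principal`, `PayrollService`, the role strings) is an assumption constructed for the illustration; the principals and roles are sample data.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import java.util.Set;

/** Hypothetical role-check helper; all names are assumptions, not the article's API. */
public class RoleCheckExample {

    /** Declarative variant: the required roles stay on the method for documentation and tooling. */
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    @interface RequiresRoles {
        String[] value();
    }

    /** Constructed stand-in for the caller's authenticated principal. */
    record Principal(String name, Set<String> roles) {}

    /** Thrown when the principal lacks a required role; the check fails closed. */
    static class AccessDeniedException extends RuntimeException {
        AccessDeniedException(String msg) { super(msg); }
    }

    /** Explicit check: the protected method passes its required roles directly. */
    static void require(Principal p, Set<String> required) {
        if (p == null || required == null || required.isEmpty()) {
            // No principal or no policy: deny rather than silently allow.
            throw new AccessDeniedException("missing principal or role policy");
        }
        if (!p.roles().containsAll(required)) {
            throw new AccessDeniedException(p.name() + " lacks roles " + required);
        }
    }

    /**
     * Annotation-driven check that reads the policy from a Method reference the
     * callee hands over, not from a stack trace, so which policy is enforced does
     * not depend on which frames the runtime chooses to report.
     */
    static void requireAnnotated(Principal p, Method m) {
        RequiresRoles ann = m.getAnnotation(RequiresRoles.class);
        if (ann == null) {
            throw new AccessDeniedException(m.getName() + " declares no role policy");
        }
        require(p, Set.of(ann.value()));
    }

    /** Constructed service with one method in each style. */
    static class PayrollService {
        // Explicit style, as the comment suggests: roles passed straight to the check.
        void approveBonus(Principal p) {
            require(p, Set.of("manager", "finance"));
            System.out.println("bonus approved by " + p.name());
        }

        // Declarative style: policy lives on the method, resolved by explicit reference.
        @RequiresRoles({"hr"})
        void viewSalary(Principal p) throws NoSuchMethodException {
            requireAnnotated(p, PayrollService.class.getDeclaredMethod("viewSalary", Principal.class));
            System.out.println("salary viewed by " + p.name());
        }
    }

    public static void main(String[] args) throws Exception {
        PayrollService svc = new PayrollService();
        Principal alice = new Principal("alice", Set.of("manager", "finance")); // constructed
        Principal bob = new Principal("bob", Set.of("hr"));                     // constructed

        svc.approveBonus(alice);   // allowed: alice holds both required roles
        svc.viewSalary(bob);       // allowed: bob holds "hr"
        try {
            svc.approveBonus(bob); // denied: bob is neither manager nor finance
        } catch (AccessDeniedException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

Both paths end in the same `require` call, so the policy decision has one implementation to audit; the annotation only adds a place to read the required roles without running the method. Because the callee names its own `Method`, the one reflective lookup happens per call on a known class and does not involve constructing a `Throwable` or walking the stack.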