1. 首頁
  2. 問答
  3. 如何在AspectJ 1.6和Tomcat 6上加載編譯JSP的時間?

如何在AspectJ 1.6和Tomcat 6上加載編譯JSP的時間?

2012-08-10 75 views
1

這是我的情況:如何在AspectJ 1.6和Tomcat 6上加載編譯JSP的時間?

我在Eclipse中有一個Web應用程序。目前它是一個AspectJ Web應用程序。

我在我的「src」文件夾中有一個名爲JSPCSRFTokenInjection.aj的方面,它具有捕獲JspWriter.write方法和其他一些東西的切入點。它看起來像這樣:

package com.aspects; 
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse; 
import javax.servlet.jsp.JspWriter; 

import org.apache.log4j.Logger; 

import com.thesis.aop.util.StopWatch; 

public aspect JSPCSRFTokenInjection{ 
Logger logger; 
StopWatch watch; 

private String currentCSRFToken = null; 

//Constuctor for the Aspect. I do some init of loggers and 
//such here. 
public JSPCSRFTokenInjection(){ 
    //PropertyConfigurator.configure("log4j.properties"); 
    logger = Logger.getLogger("csrfMitigationLogger"); 
    logger.info("CSRF Injection Aspect Created"); 
    watch = new StopWatch(); 
} 


//Capturing the CSRF Token from the request by intercepting the 
//_jspService method inside of the JSP 
public pointcut csrf_jspServiceIntercept(HttpServletRequest req, 
    HttpServletResponse resp) : 
    call(public void _jspService(HttpServletRequest, HttpServletResponse)) 
    && args(req, resp); 


before(HttpServletRequest req, HttpServletResponse resp) : 
    csrf_jspServiceIntercept(req, resp){ 
    currentCSRFToken = (String) req.getParameter("csrfSalt"); 
    logger.info("Got CSRF Token from request: " + currentCSRFToken); 
} 

//Pointcut and advice for capturing the writing into a JSP. 
public pointcut csrf_captureFormWriting(String msg, JspWriter writer) : 
    call(public void JspWriter.write(String)) 
    && args(msg) 
    && target(writer) 
    && if(msg.toLowerCase().contains("</form>")); 

before(String msg, JspWriter writer) : csrf_captureFormWriting(msg, writer){ 
    try{ 
     logger.info("WRITING TO JSP"); 
     writer.write("TEST_CSRF"); 
     writer.write("<input type='hidden' name='csrfSalt' value='" +  currentCSRFToken + "'/>"); 
    } 
    catch(Exception e){ 
     e.printStackTrace(); 
    } 
} 

}

我也有一個aop.xml文件中WebApp/WebContent/META-INF/目錄。 僅供參考,我的web.xml文件位於WebApp/WebContent/WEB-INF/目錄中。

aop.xml看起來像這樣:

<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE aspectj PUBLIC "-//AspectJ//DTD//EN" "http://www.eclipse.org/aspectj  /dtd/aspectj.dtd"> 
<aspectj> 
<weaver options="-showWeaveInfo -verbose -debug -Xset:weaveJavaPackages=true"> 
    <!-- Weave types that are within the javax.* or org.aspectj.* 
    packages. Also weave all types in the foo package that do 
    not have the @NoWeave annotation. --> 
    <include within="javax.*"/> 
    <include within="com.*"/> 
    <include within="org.*"/> 
    <include within="org.aspectj.*"/> 
</weaver> 
<aspects> 
    <!-- declare two existing aspects to the weaver --> 
    <aspect name="com.aspects.JSPCSRFTokenInjection"/> 
    <aspect name="com.aspects.MitigateCSRFAspect"/> 
    <!-- Of the set of aspects declared to the weaver 
    use aspects matching the type pattern "com..*" for weaving. --> 
    <include within="com.*"/> 
    <include within="org.*"/> 
    <!-- Of the set of aspects declared to the weaver 
    do not use any aspects with the @CoolAspect annotation for weaving --> 
</aspects> 
</aspectj>

我也是在Tomcat中添加-javaagent:C:/aspectj1.6/lib/aspectjweaver.jar到我的JVM參數。

如果有幫助,我使用的是tomcat的SysDeo插件。此外,編譯時織入在應用程序的其他部分工作正常,但是,我無法編織影響JSP的任何方面。

來源

2012-08-10 bsimic

+1

不完全確定,但你的簽名可能有點不對,它應該是'通過通配符調用(public void * ._ jspService(HttpServletRequest,HttpServletResponse)'來表示任何類型 – 2012-08-11 18:50:03

+0

這也是真的。但是,我的aop.xml錯誤! – bsimic 2012-08-13 13:34:36

回答

2

我想出了這個問題。我把我的aop.xml文件放在錯誤的目錄中。我非常愚蠢。

它應該在

<ProjectRoot>/WebContent/WEB-INF/classes/META-INF/aop-ajc.xml

目錄中去。但是,我直接將它放在WEB-INF下。

來源

2012-08-13 13:36:31 bsimic

相關問題

 相關問題