Implementing FluentSecurity over Ninject (aka porting StructureMap to Ninject)

Question

I'm a beginner on IoC and dependency injection. I'm reading about it, but I just can't get it. While I figure out how stuff works, I'm trying to implement some of these patterns on my project (and maybe learn by trial and error).

I'm implementing security control by using FluentSecurity package (from NuGet, btw). I need to implement a Policy Violation Handler, as described on this wiki. The problem is that the example is written for StructureMap IoC-container, and I'm using (or trying to) Ninject 2.2 (it seemed more simple for a beginner).

On their code, they suggest (a):

configuration.ResolveServicesUsing(type => ObjectFactory.GetAllInstances(type).Cast<object>());

And then (b):

public class WebRegistry : Registry
{
    public WebRegistry()
    {
        Scan(scan =>
        {
            scan.TheCallingAssembly();
            scan.AddAllTypesOf<IPolicyViolationHandler>();
        });
    }
}

My concerns:

1. I know that code (a) will be included on Global.asax. But what is Ninject's alternative to ObjectFactory.GetAllInstances()?
2. I have no idea neither where this code should be inserted nor what are the equivalents for WebRegistry, Scan, and the internal functions TheCallingAssembly and AddAllTypesOf.

I know this is a bit extensive question, but I appreciate any help! Thanks in advance.

Answer 1

I think this would be roughly equivelent

//add an instance of IKernel to your MvcApplication
[Inject]
public IKernel Kernel { get; set; }
...
configuration.ResolveServicesUsing(type => Kernel.GetAll(type));

To get the ability to scan an assembly for dependencies you would need an extension for ninject called Ninject.Extensions.Conventions, which was modeled after the one from SM.

public class WebModule : NinjectModule
{
    public WebModule()
    {
        Kernel.Scan(a => {
                    a.FromAssemblyContaining<YourType>();
                    a.BindWithDefaultConventions();
                    a.InTransientScope();
                });
    }
}

The assembly scanning business obviously isn't strictly necassary for what you're doing, this would work just as well. Personally I'm not a fan of assembly scanning because it seems a little too "magic", and when it doesn't work, it's not fun to debug.

Kernel.Bind<YourType>().ToSelf();

Answer 2

I had same problem like you had with Ninject. After hours of googling I downloaded the source code from github. I understood the code and debugged few methods to figured out how to resolve the services. All I have to do is provide a service locator to find the PolicyViolationException handlers.

Ninject equivalent seems to be like this.

configuration.ResolveServicesUsing(type => System.Web.Mvc.DependencyResolver.Current.GetServices(type));

I used Ninject MVC3 and I used below code to load the modules from my current MVC web project plus other assemblies.

private static void RegisterServices(IKernel kernel)
    {
        kernel.Load("*.dll");
        //kernel.Load(Assembly.GetExecutingAssembly());
    }

I configured PolicyViolationException handlers in my module:

public class MainWebNinjectModule : NinjectModule
{
    public override void Load()
    {
        // other bindings here
        Bind<IPolicyViolationHandler>().To<DenyAnonymousAccessPolicyViolationHandler>();
    }
}

Other required dependencies like ISecurityHandler, ISecurityContext etc are resolved by the internal IoC used in FluentSecurity.

Answer 3

Marius Schulz has written an excellent article that should help anyone wanting to use Ninject together with FluentSecurity.

Setting Up FluentSecurity to Use Ninject for Dependency Resolution