-
1. Re: Security proxy annotation?
bdecoste Jun 21, 2006 11:32 AM (in response to judge2005)The security proxy mechanism is no longer supported by EJB3. In fact, it's really a deprecated mechanism for JBossAS. You have a few options.
You can add a custom interceptor by writing your own security interceptor class and deploying the interceptor by adding it to ejb3-interceptors-aop.xml.
Or, as you mention, you can use the @Interceptor, @Interceptors, and @AroundInvoke annotations to add a security interceptor.
Security information is available through the org.jboss.security.SecurityAssociation singleton - you can determine Principal and Credential information from there.
You can also determine specific (target, method, parameters) info from the InvocationContext and also generic information via getContextData() -
2. Re: Security proxy annotation?
judge2005 Jun 21, 2006 12:29 PM (in response to judge2005)Thanks for the reply. That's very useful. I also finally realized that I can inject the EJBContext into the interceptor and get the principal infor from there, though I note I can get more information from the SecurityAssociation.
I'm not sure I need it, but can I get security domain information from within an standard EJB3 interceptor? I know I can get the value of the @SecurityDomain annotation on the target object, but what about the currently active security domain (if that makes sense)?