3 Replies Latest reply on Apr 5, 2006 3:18 PM by Bill Burke

    EJB3 interceptors and security

    Scott Stark Master

      Here is a typical problem with security in ee:
      http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3935104#3935104

      The specs are not defining how interceptors (now ejb and servlet filters) integrate into security. Are ejb interceptors defined as applied after the access to the ejb method has been validated? If they are not, maybe we want a security annotation to allow this. Such an interceptor addition should be a priviledged operation so maybe it should only be allowed via a customization of the ejb3 aop container stack.