3 Replies Latest reply on Apr 5, 2006 3:18 PM by bill.burke

EJB3 interceptors and security

starksm64 Apr 5, 2006 1:53 PM

Here is a typical problem with security in ee:
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3935104#3935104

The specs are not defining how interceptors (now ejb and servlet filters) integrate into security. Are ejb interceptors defined as applied after the access to the ejb method has been validated? If they are not, maybe we want a security annotation to allow this. Such an interceptor addition should be a priviledged operation so maybe it should only be allowed via a customization of the ejb3 aop container stack.

1. Re: EJB3 interceptors and security

kabirkhan Apr 5, 2006 2:00 PM (in response to starksm64)

EJB interceptors are invoked at the end of the container chain, i.e. after the container security interceptor
Actions
2. Re: EJB3 interceptors and security

starksm64 Apr 5, 2006 2:48 PM (in response to starksm64)

Ok. Can we do deployment level ejb3 aop container configurations via a jboss-aop.xml descriptor such that one could introduce a custom security interceptor?
Actions
3. Re: EJB3 interceptors and security

bill.burke Apr 5, 2006 3:18 PM (in response to starksm64)

yes.
Actions

Go to original post