[errai-dev] security

Erik Jan de Wit edewit at redhat.com
Thu May 23 09:50:12 EDT 2013


Right, what I should have added is that on the server side the interceptors are CDI interceptors, and I cannot just change the way CDI will look for annotations. The other way around, having them only on the implementation, also doesn't work because the client-side code will not be able to access the implementation. So a possible solution would be to recreate the CDI interceptor concept ourselves.

On May 23, 2013, at 3:40 PM, "Lincoln Baxter, III" <lincolnbaxter at gmail.com> wrote:

> Ah yes, the good old "why are my annotated interface method annotations not inherited?" question. This all depends on how you are scanning for the annotation. Typically annotation scanning only looks at the base level class, but you generally have to walk up the type hierarchy to find the real answer :) like so:
> 
> https://github.com/forge/core/blob/2.0/container-api/src/main/java/org/jboss/forge/furnace/util/Annotations.java#L189
> 
> Hope this helps,
> ~Lincoln
> 
> 
> On Thu, May 23, 2013 at 6:02 AM, Erik Jan de Wit <edewit at redhat.com> wrote:
> Hi,
> 
> Good news, I think I'm done with the security module, finally. But there is one last thing that is bothering me. Maybe someone has a solution I didn't think of.
> 
> Like I've explained before, I have 2 SecurityInterceptors, one on the client and one on the server. With the client security interceptor I check the server's state and 'redirect' the user to the login page if he is not logged in. Because the client can be manipulated, there is also a server-side interceptor that will throw an exception if the user is not logged in.
> 
> This is all very nice and all a user will have to do is annotate the methods. I use the same annotation for both the client and the server side interceptor, but I have to annotate the remote interface and the service implementation e.g.
> 
> @Remote
> public interface MessageService {
> 
>   @RequireAuthentication
>   String hello();
> 
>   @RequireRoles("admin")
>   String ping();
> 
> }
> 
> @Service
> public class MessageServiceImpl implements MessageService {
> 
>   @Inject
>   AuthenticationService authenticationService;
> 
>   @Override
>   @RequireAuthentication
>   public String hello() {
> 
> What I don't like is that the user will need to keep these two in sync. Do you guys have an idea to have only one of these but still have both of the interceptors triggered?
> 
> Cheers,
> 	Erik Jan
> 
> 
> _______________________________________________
> errai-dev mailing list
> errai-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/errai-dev
> 
> 
> 
> -- 
> Lincoln Baxter, III
> http://ocpsoft.org
> "Simpler is better."
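The hierarchy walk Lincoln describes, as an added example that is not code from this thread, Errai, or Forge: it shows why a plain lookup on the implementation method misses an annotation declared only on the remote interface, and how walking superclasses and interfaces lets a hand-rolled server-side check still find it. The class `AnnotationLookup`, the helper `find`, the `version()` method and the annotation definition are assumptions made for illustration.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;

public class AnnotationLookup {
  // Assumed definition; the thread only shows the annotation in use.
  @Retention(RetentionPolicy.RUNTIME)
  @Target(ElementType.METHOD)
  @interface RequireAuthentication {}

  interface MessageService {
    @RequireAuthentication
    String hello();
    String version(); // hypothetical unprotected method, for contrast
  }

  // The annotation is deliberately absent here: it lives only on the interface.
  static class MessageServiceImpl implements MessageService {
    @Override public String hello() { return "hello"; }
    @Override public String version() { return "1.0"; }
  }

  /** Looks for the annotation on the method in type, then in its interfaces and superclasses. */
  static <A extends Annotation> A find(Class<?> type, String name, Class<?>[] params, Class<A> ann) {
    if (type == null) return null;
    try {
      A found = type.getDeclaredMethod(name, params).getAnnotation(ann);
      if (found != null) return found;
    } catch (NoSuchMethodException ignored) {
      // Not declared at this level; keep walking.
    }
    for (Class<?> iface : type.getInterfaces()) {
      A found = find(iface, name, params, ann);
      if (found != null) return found;
    }
    return find(type.getSuperclass(), name, params, ann);
  }

  public static void main(String[] args) throws Exception {
    Method hello = MessageServiceImpl.class.getMethod("hello");
    // Method annotations are not inherited, so the direct lookup misses it.
    System.out.println("direct:    " + hello.isAnnotationPresent(RequireAuthentication.class));
    // The hierarchy walk finds it, so a server-side check can still enforce it.
    System.out.println("hierarchy: " + (find(MessageServiceImpl.class, "hello",
        hello.getParameterTypes(), RequireAuthentication.class) != null));
    System.out.println("version:   " + (find(MessageServiceImpl.class, "version",
        new Class<?>[0], RequireAuthentication.class) != null));
  }
}
```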
