<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hi Guys,<div><br></div><div>What I like in a lot of security frameworks is that one can secure method calls with a simple annotation. So my idea was that we could make something like @RequireAuthentication on the remote interface and that would not allow the call if nobody is logged in. We could develop something like this based on the InterceptedCall functionality, but because of the way InterceptedCall is setup there is no way to make another annotation behave like InterceptedCall. To make it a bit more clear i cannot define an annotation like this:</div><div><br></div><div><div>@Retention(RetentionPolicy.RUNTIME)</div><div>@Target({ElementType.TYPE, ElementType.METHOD})</div><div>@InterceptedCall(SecurityInterceptor.class)</div><div>public @interface RequireAuthentication {</div></div><div>}</div><div><br></div><div>and have the SecurityInterceptor invoked the only way I can do it is by annotating the methods with:</div><div><br></div><div>@InterceptedCall(SecurityInterceptor.class)</div><div><br></div><div>Why now have it more like the CDI interceptor api <a href="http://docs.oracle.com/javaee/6/api/javax/interceptor/InterceptorBinding.html">http://docs.oracle.com/javaee/6/api/javax/interceptor/InterceptorBinding.html</a></div><div><br></div><div>This gives me the ability to lousily couple the annotation with the interceptor are there reasons for the model that is implemented now? Can we change it so that it will be more flexible? Or shall we stick with how it's is now and extend the functionality to make it work with my example annotation?</div><div><br></div><div>Cheers,</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Erik Jan</div></body></html>