Ah yes, the good old "why are my annotated interface method annotations not inherIted?" question. This all depends on how you are scanning for the annotation. Typically annotation scanning only looks at the base level class, but you generally have to walk up the type hierarchy to find the real answer :) like so: https://github.com/forge/core/blob/2.0/container-api/src/main/java/org/jb... Hope this helps, ~Lincoln On Thu, May 23, 2013 at 6:02 AM, Erik Jan de Wit <edewit(a)redhat.com&gt; wrote: Hi, Good news I think I'm done with the security module, finally. But there is one last thing that is bothering me. Maybe someone has a solution I didn't think of. Like I've explained before I have a 2 SecurityInterceptors one on the client and one on the server. With the client security interceptor I check the servers state and 'redirect' the user to the login page if he is not logged in. Because the client can be manipulated there is also a server side interceptor that will throw a exception if the user is not logged in. This is all very nice and all a user will have to do is annotate the methods. I use the same annotation for both the client and the server side interceptor, but I have to annotate the remote interface and the service implementation e.g. @Remote public interface MessageService { @RequireAuthentication String hello(); @RequireRoles("admin") String ping(); } @Service public class MessageServiceImpl implements MessageService { @Inject AuthenticationService authenticationService; @Override @RequireAuthentication public String hello() { What I don't like is that the user will need to keep these to in sync, do you guys have an idea to have only one of these but still have both of the interceptors triggered? Cheers, Erik Jan _______________________________________________ errai-dev mailing list errai-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/errai-dev -- Lincoln Baxter, III http://ocpsoft.org "Simpler is better." _______________________________________________ errai-dev mailing list errai-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/errai-dev

If you are going down that route, just use a CDI extension scan the hierarchy for annotations, then add those annotations to the implementation bean, something like this: https://github.com/forge/core/blob/2.0/container/src/main/java/org/jboss/... Then CDI will behave as if your implementations were actually annotated with that annotation. You'll have to modify/wrap the AnnotatedType in this observer method so that the appropriate annotations are returned. CDI is wonderful. On Thu, May 23, 2013 at 9:50 AM, Erik Jan de Wit <edewit(a)redhat.com&gt; wrote: Right what I should have added is that on the server side the interceptors are cdi interceptors and I cannot just change the way cdi will look for annotations. The other way around only have them on the implementation also doesn't work because the client side code will not be able to access the implementation. So possible solution would be to recreate the cdi interceptor concept our self. On May 23, 2013, at 3:40 PM, "Lincoln Baxter, III" <lincolnbaxter(a)gmail.com&gt; wrote: > Ah yes, the good old "why are my annotated interface method annotations not inherIted?" question. This all depends on how you are scanning for the annotation. Typically annotation scanning only looks at the base level class, but you generally have to walk up the type hierarchy to find the real answer :) like so: > > https://github.com/forge/core/blob/2.0/container-api/src/main/java/org/jb... > > Hope this helps, > ~Lincoln > > > On Thu, May 23, 2013 at 6:02 AM, Erik Jan de Wit <edewit(a)redhat.com&gt; wrote: > Hi, > > Good news I think I'm done with the security module, finally. But there is one last thing that is bothering me. Maybe someone has a solution I didn't think of. > > Like I've explained before I have a 2 SecurityInterceptors one on the client and one on the server. With the client security interceptor I check the servers state and 'redirect' the user to the login page if he is not logged in. Because the client can be manipulated there is also a server side interceptor that will throw a exception if the user is not logged in. > > This is all very nice and all a user will have to do is annotate the methods. I use the same annotation for both the client and the server side interceptor, but I have to annotate the remote interface and the service implementation e.g. > > @Remote > > > public interface MessageService { > > > @RequireAuthentication > String hello(); > > > > @RequireRoles("admin") > String ping(); > > > } > > @Service > public class MessageServiceImpl implements MessageService { > > > @Inject > AuthenticationService authenticationService; > > > > @Override > @RequireAuthentication > public String hello() { > > > > > What I don't like is that the user will need to keep these to in sync, do you guys have an idea to have only one of these but still have both of the interceptors triggered? > > Cheers, > Erik Jan > > > _______________________________________________ > errai-dev mailing list > errai-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/errai-dev > > > > -- > Lincoln Baxter, III > http://ocpsoft.org > "Simpler is better." > _______________________________________________ > errai-dev mailing list > errai-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/errai-dev _______________________________________________ errai-dev mailing list errai-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/errai-dev -- Lincoln Baxter, III http://ocpsoft.org "Simpler is better." _______________________________________________ errai-dev mailing list errai-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/errai-dev