[jbossws-issues] [JBoss JIRA] (JBWS-3378) Both JAXWS & JAXRPC handlers have to be executed in EJB interceptor after EJB security interceptors

[ https://issues.jboss.org/browse/JBWS-3378?page=com.atlassian.jira.plugin.... ] Richard Opalka commented on JBWS-3378: -------------------------------------- <carlo> ropalka: pong <ropalka> carlo, I've got EJB related question <ropalka> carlo, I'm finalizing JAXRPC EJB integration and <ropalka> carlo, I'm working on JAXRPC server side handlers now <ropalka> carlo, the requirements for JAXRPC EJB interceptors are: <ropalka> --- <ropalka> * According to the ws4ee spec the handler logic must be invoked after the container <ropalka> * applied method level security to the invocation. <ropalka> --- <ropalka> carlo, where should I hook? <ropalka> carlo, I see ComponentDescription have classLevelInterceptors and methodInterceptors <ropalka> carlo, methodInterceptors seems more appropriate to me <carlo> you should invoke through the service point view <ropalka> carlo, this is what I have ATM - https://github.com/ropalka/jboss-as/blob/jaxrpc-ejb/webservices/server-in... <ropalka> carlo, and invocations on JAXRPC EJB endpoints are working for me <ropalka> carlo, newEjbEndpoint() interests U <carlo> right, that should give you a ComponentView at the end of the day (as in InvocationHandlerEJB3) <ropalka> carlo, and this is our EJB invocation abstraction - https://github.com/ropalka/jboss-as/blob/jaxrpc-ejb/webservices/server-in... <carlo> right <carlo> hmm, you need to explain a bit more about handlers <carlo> the handler logic is the user supplied EJB, not? <carlo> ropalka: ^ <ropalka> carlo, handler is XML processing handler <ropalka> carlo, that is configured in webservices.xml <carlo> ah, a kind of interceptor? <ropalka> carlo, http://fpaste.org/K9h3/ <ropalka> carlo, yep <carlo> ropalka: interesting, how did we do it in AS5/6? <ropalka> carlo, a second ... <ropalka> carlo, Our old invocation handler - http://fpaste.org/w14B/ <ropalka> carlo, Our old handler interceptor - http://fpaste.org/k7F6/ <carlo> ropalka: and the EJB 3.1 variant? <ropalka> carlo, it was completely different - http://fpaste.org/AGsk/ <carlo> ropalka: in other words the EJB 3.1 was not compliant? <carlo> I don't see security before handlers <ropalka> carlo, neither I <ropalka> carlo, I need to check JAXWS spec, but I think U'll be right. The requirement will be the same * ropalka 's checking JAXWS spec. <carlo> doesn't RPC/WS specify its own security? the quoted bit doesn't really say whether it pertains EJB security constraints. <ropalka> carlo, JSR 109 - Chapter 6.2.2.4 Security - <ropalka> --- <ropalka> Handlers associated with a Port component run after authorization has occurred and before the business logic <ropalka> method of the Service Implementation bean is dispatched to. For JAX-RPC or JAX-WS Service endpoints, <ropalka> Handlers run after the container has performed the security constraint checks associated with the servlet <ropalka> element that defines the Port component. For EJB based service implementations, Handlers run after method <ropalka> level authorization has occurred. <ropalka> --- <ropalka> carlo, version 1.3 of JSR 109 (for clarification) <carlo> interesting indeed <ropalka> carlo, IOW U're right our old EJB3 inv. handler is bypassing this requirement :( <ropalka> carlo, complete chapter text - http://fpaste.org/ovb9/ <carlo> just downloaded the jsr <ropalka> :) <carlo> ropalka: probably the EJB 2.1 construct makes the most sense. Insert an interceptor at a certain point. <carlo> which is easier to do in AS7 :-) <ropalka> carlo, yes, I agree <ropalka> carlo, :D <ropalka> carlo, so where/how to hook? * ropalka 's waiting for suggestions ... <carlo> EJBViewDescription.getConfigurators().add(new DoTheHandlersConfigurator() { ... } ); * ropalka created JBWS-3378 <jbossbot> jira [JBWS-3378] Both JAXWS & JAXRPC handlers have to be executed in EJB interceptor after EJB security interceptors [Open (Unresolved) Sub-task, Major, Richard Opalka] https://issues.jboss.org/browse/JBWS-3378 <carlo> configure(...) { configuration.addViewInterceptor(DoHandlersInterceptors ...) } <carlo> Then you can do anything in the DoHandlersInterceptor <carlo> ropalka: % <ropalka> carlo, thanks Carlo! <carlo> I hate a German keyboard <ropalka> :) -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira