[
https://issues.jboss.org/browse/JBWS-3378?page=com.atlassian.jira.plugin....
]
Richard Opalka edited comment on JBWS-3378 at 11/3/11 6:37 AM:
---------------------------------------------------------------
<carlo> ropalka: pong
<ropalka> carlo, I've got EJB related question
<ropalka> carlo, I'm finalizing JAXRPC EJB integration and
<ropalka> carlo, I'm working on JAXRPC server side handlers now
<ropalka> carlo, the requirements for JAXRPC EJB interceptors are:
<ropalka> ---
<ropalka> * According to the ws4ee spec the handler logic must be invoked after the
container
<ropalka> * applied method level security to the invocation.
<ropalka> ---
<ropalka> carlo, where should I hook?
<ropalka> carlo, I see ComponentDescription have classLevelInterceptors and
methodInterceptors
<ropalka> carlo, methodInterceptors seems more appropriate to me
<carlo> you should invoke through the service point view
<ropalka> carlo, this is what I have ATM -
https://github.com/ropalka/jboss-as/blob/jaxrpc-ejb/webservices/server-in...
<ropalka> carlo, and invocations on JAXRPC EJB endpoints are working for me
<ropalka> carlo, newEjbEndpoint() interests U
<carlo> right, that should give you a ComponentView at the end of the day (as in
InvocationHandlerEJB3)
<ropalka> carlo, and this is our EJB invocation abstraction -
https://github.com/ropalka/jboss-as/blob/jaxrpc-ejb/webservices/server-in...
<carlo> right
<carlo> hmm, you need to explain a bit more about handlers
<carlo> the handler logic is the user supplied EJB, not?
<carlo> ropalka: ^
<ropalka> carlo, handler is XML processing handler
<ropalka> carlo, that is configured in webservices.xml
<carlo> ah, a kind of interceptor?
<ropalka> carlo,
http://fpaste.org/K9h3/
<ropalka> carlo, yep
<carlo> ropalka: interesting, how did we do it in AS5/6?
<ropalka> carlo, a second ...
<ropalka> carlo, Our old invocation handler -
http://fpaste.org/w14B/
<ropalka> carlo, Our old handler interceptor -
http://fpaste.org/k7F6/
<carlo> ropalka: and the EJB 3.1 variant?
<ropalka> carlo, it was completely different -
http://fpaste.org/AGsk/
<carlo> ropalka: in other words the EJB 3.1 was not compliant?
<carlo> I don't see security before handlers
<ropalka> carlo, neither I
<ropalka> carlo, I need to check JAXWS spec, but I think U'll be right. The
requirement will be the same
ropalka 's checking JAXWS spec.
<carlo> doesn't RPC/WS specify its own security? the quoted bit doesn't
really say whether it pertains EJB security constraints.
<ropalka> carlo, JSR 109 - Chapter 6.2.2.4 Security -
<ropalka> ---
<ropalka> Handlers associated with a Port component run after authorization has
occurred and before the business logic
<ropalka> method of the Service Implementation bean is dispatched to. For JAX-RPC or
JAX-WS Service endpoints,
<ropalka> Handlers run after the container has performed the security constraint
checks associated with the servlet
<ropalka> element that defines the Port component. For EJB based service
implementations, Handlers run after method
<ropalka> level authorization has occurred.
<ropalka> ---
<ropalka> carlo, version 1.3 of JSR 109 (for clarification)
<carlo> interesting indeed
<ropalka> carlo, IOW U're right our old EJB3 inv. handler is bypassing this
requirement :(
<ropalka> carlo, complete chapter text -
http://fpaste.org/ovb9/
<carlo> just downloaded the jsr
<ropalka> :)
<carlo> ropalka: probably the EJB 2.1 construct makes the most sense. Insert an
interceptor at a certain point.
<carlo> which is easier to do in AS7 :-)
<ropalka> carlo, yes, I agree
<ropalka> carlo, :D
<ropalka> carlo, so where/how to hook?
ropalka 's waiting for suggestions ...
<carlo> EJBViewDescription.getConfigurators().add(new DoTheHandlersConfigurator() {
... } );
ropalka created JBWS-3378
<jbossbot> jira [JBWS-3378] Both JAXWS & JAXRPC handlers have to be executed in
EJB interceptor after EJB security interceptors [Open (Unresolved) Sub-task, Major,
Richard Opalka]
https://issues.jboss.org/browse/JBWS-3378
<carlo> configure(...) { configuration.addViewInterceptor(DoHandlersInterceptors
...) }
<carlo> Then you can do anything in the DoHandlersInterceptor
<carlo> ropalka: %
<ropalka> carlo, thanks Carlo!
<carlo> I hate a German keyboard
<ropalka> :)
was (Author: ropalka):
<carlo> ropalka: pong
<ropalka> carlo, I've got EJB related question
<ropalka> carlo, I'm finalizing JAXRPC EJB integration and
<ropalka> carlo, I'm working on JAXRPC server side handlers now
<ropalka> carlo, the requirements for JAXRPC EJB interceptors are:
<ropalka> ---
<ropalka> * According to the ws4ee spec the handler logic must be invoked after the
container
<ropalka> * applied method level security to the invocation.
<ropalka> ---
<ropalka> carlo, where should I hook?
<ropalka> carlo, I see ComponentDescription have classLevelInterceptors and
methodInterceptors
<ropalka> carlo, methodInterceptors seems more appropriate to me
<carlo> you should invoke through the service point view
<ropalka> carlo, this is what I have ATM -
https://github.com/ropalka/jboss-as/blob/jaxrpc-ejb/webservices/server-in...
<ropalka> carlo, and invocations on JAXRPC EJB endpoints are working for me
<ropalka> carlo, newEjbEndpoint() interests U
<carlo> right, that should give you a ComponentView at the end of the day (as in
InvocationHandlerEJB3)
<ropalka> carlo, and this is our EJB invocation abstraction -
https://github.com/ropalka/jboss-as/blob/jaxrpc-ejb/webservices/server-in...
<carlo> right
<carlo> hmm, you need to explain a bit more about handlers
<carlo> the handler logic is the user supplied EJB, not?
<carlo> ropalka: ^
<ropalka> carlo, handler is XML processing handler
<ropalka> carlo, that is configured in webservices.xml
<carlo> ah, a kind of interceptor?
<ropalka> carlo,
http://fpaste.org/K9h3/
<ropalka> carlo, yep
<carlo> ropalka: interesting, how did we do it in AS5/6?
<ropalka> carlo, a second ...
<ropalka> carlo, Our old invocation handler -
http://fpaste.org/w14B/
<ropalka> carlo, Our old handler interceptor -
http://fpaste.org/k7F6/
<carlo> ropalka: and the EJB 3.1 variant?
<ropalka> carlo, it was completely different -
http://fpaste.org/AGsk/
<carlo> ropalka: in other words the EJB 3.1 was not compliant?
<carlo> I don't see security before handlers
<ropalka> carlo, neither I
<ropalka> carlo, I need to check JAXWS spec, but I think U'll be right. The
requirement will be the same
* ropalka 's checking JAXWS spec.
<carlo> doesn't RPC/WS specify its own security? the quoted bit doesn't
really say whether it pertains EJB security constraints.
<ropalka> carlo, JSR 109 - Chapter 6.2.2.4 Security -
<ropalka> ---
<ropalka> Handlers associated with a Port component run after authorization has
occurred and before the business logic
<ropalka> method of the Service Implementation bean is dispatched to. For JAX-RPC or
JAX-WS Service endpoints,
<ropalka> Handlers run after the container has performed the security constraint
checks associated with the servlet
<ropalka> element that defines the Port component. For EJB based service
implementations, Handlers run after method
<ropalka> level authorization has occurred.
<ropalka> ---
<ropalka> carlo, version 1.3 of JSR 109 (for clarification)
<carlo> interesting indeed
<ropalka> carlo, IOW U're right our old EJB3 inv. handler is bypassing this
requirement :(
<ropalka> carlo, complete chapter text -
http://fpaste.org/ovb9/
<carlo> just downloaded the jsr
<ropalka> :)
<carlo> ropalka: probably the EJB 2.1 construct makes the most sense. Insert an
interceptor at a certain point.
<carlo> which is easier to do in AS7 :-)
<ropalka> carlo, yes, I agree
<ropalka> carlo, :D
<ropalka> carlo, so where/how to hook?
* ropalka 's waiting for suggestions ...
<carlo> EJBViewDescription.getConfigurators().add(new DoTheHandlersConfigurator() {
... } );
* ropalka created JBWS-3378
<jbossbot> jira [JBWS-3378] Both JAXWS & JAXRPC handlers have to be executed in
EJB interceptor after EJB security interceptors [Open (Unresolved) Sub-task, Major,
Richard Opalka]
https://issues.jboss.org/browse/JBWS-3378
<carlo> configure(...) { configuration.addViewInterceptor(DoHandlersInterceptors
...) }
<carlo> Then you can do anything in the DoHandlersInterceptor
<carlo> ropalka: %
<ropalka> carlo, thanks Carlo!
<carlo> I hate a German keyboard
<ropalka> :)
Both JAXWS & JAXRPC handlers have to be executed in EJB
interceptor after EJB security interceptors
---------------------------------------------------------------------------------------------------
Key: JBWS-3378
URL:
https://issues.jboss.org/browse/JBWS-3378
Project: JBoss Web Services
Issue Type: Sub-task
Security Level: Public(Everyone can see)
Reporter: Richard Opalka
Assignee: Richard Opalka
Fix For: jbossws-native-4.0, jbossws-cxf-4.0
JSR 109 - Version 1.3 - Chapter 6.2.2.4 Security
Handlers associated with a Port component run after authorization has occurred and before
the business logic
method of the Service Implementation bean is dispatched to. For JAX-RPC or JAX-WS Service
endpoints,
Handlers run after the container has performed the security constraint checks associated
with the servlet
element that defines the Port component. For EJB based service implementations, Handlers
run after method
level authorization has occurred.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira