[errai-dev] security

Lincoln Baxter, III lincolnbaxter at gmail.com
Thu May 23 09:55:00 EDT 2013


If you are going down that route, just use a CDI extension to scan the
hierarchy for annotations, then add those annotations to the implementation
bean, something like this:

https://github.com/forge/core/blob/2.0/container/src/main/java/org/jboss/forge/furnace/impl/ContainerServiceExtension.java#L56

Then CDI will behave as if your implementations were actually annotated
with that annotation. You'll have to modify/wrap the AnnotatedType in this
observer method so that the appropriate annotations are returned.

CDI is wonderful.


On Thu, May 23, 2013 at 9:50 AM, Erik Jan de Wit <edewit at redhat.com> wrote:

> Right, what I should have added is that on the server side the interceptors
> are CDI interceptors and I cannot just change the way CDI will look for
> annotations. The other way around, only having them on the implementation, also
> doesn't work because the client side code will not be able to access the
> implementation. So a possible solution would be to recreate the CDI
> interceptor concept ourselves.
>
> On May 23, 2013, at 3:40 PM, "Lincoln Baxter, III" <
> lincolnbaxter at gmail.com> wrote:
>
> Ah yes, the good old "why are my annotated interface method annotations
> not inherited?" question. This all depends on how you are scanning for the
> annotation. Typically annotation scanning only looks at the base level
> class, but you generally have to walk up the type hierarchy to find the
> real answer :) like so:
>
>
> https://github.com/forge/core/blob/2.0/container-api/src/main/java/org/jboss/forge/furnace/util/Annotations.java#L189
>
> Hope this helps,
> ~Lincoln
>
>
> On Thu, May 23, 2013 at 6:02 AM, Erik Jan de Wit <edewit at redhat.com> wrote:
>
>> Hi,
>>
>> Good news, I think I'm done with the security module, finally. But there
>> is one last thing that is bothering me. Maybe someone has a solution I
>> didn't think of.
>>
>> Like I've explained before, I have 2 SecurityInterceptors, one on the
>> client and one on the server. With the client security interceptor I check
>> the server's state and 'redirect' the user to the login page if he is not
>> logged in. Because the client can be manipulated there is also a server
>> side interceptor that will throw an exception if the user is not logged in.
>>
>> This is all very nice and all a user will have to do is annotate the
>> methods. I use the same annotation for both the client and the server side
>> interceptor, but I have to annotate the remote interface and the service
>> implementation e.g.
>>
>> @Remote
>> public interface MessageService {
>>
>>   @RequireAuthentication
>>   String hello();
>>
>>   @RequireRoles("admin")
>>   String ping();
>> }
>>
>>
>> @Service
>> public class MessageServiceImpl implements MessageService {
>>   @Inject
>>   AuthenticationService authenticationService;
>>
>>   @Override
>>   @RequireAuthentication
>>   public String hello() {
>>     // ... (body not included in the message)
>>   }
>> }
>>
>> What I don't like is that the user will need to keep these two in sync. Do
>> you guys have an idea to have only one of these but still have both of the
>> interceptors triggered?
>>
>> Cheers,
>> Erik Jan
>>
>>
>> _______________________________________________
>> errai-dev mailing list
>> errai-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/errai-dev
>>
>
>
>
> --
> Lincoln Baxter, III
> http://ocpsoft.org
> "Simpler is better."



-- 
Lincoln Baxter, III
http://ocpsoft.org
"Simpler is better."
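
The approach described in the reply above, as an added example that is not code from this thread, from Errai or from Forge: a CDI extension that copies interceptor-binding annotations from interface methods onto the implementing bean's methods, so the server-side interceptor fires even when only the remote interface is annotated. Assumptions: the CDI 2.0 configurator API (newer than this 2013 thread, which describes wrapping the AnnotatedType by hand), a hypothetical class name, and that @RequireAuthentication and @RequireRoles are declared with @InterceptorBinding.

```java
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.enterprise.event.Observes;
import javax.enterprise.inject.spi.Extension;
import javax.enterprise.inject.spi.ProcessAnnotatedType;
import javax.enterprise.inject.spi.configurator.AnnotatedMethodConfigurator;
import javax.interceptor.InterceptorBinding;

// Hypothetical name; not part of Errai or Forge.
public class InterfaceBindingExtension implements Extension {

  // Called once per discovered class, before the container builds beans from it.
  <T> void inheritBindings(@Observes ProcessAnnotatedType<T> pat) {
    Class<T> impl = pat.getAnnotatedType().getJavaClass();
    Set<Class<?>> ifaces = new LinkedHashSet<>();
    collectInterfaces(impl, ifaces);
    if (impl.isInterface() || ifaces.isEmpty()) return;

    for (AnnotatedMethodConfigurator<? super T> m : pat.configureAnnotatedType().methods()) {
      Method method = m.getAnnotated().getJavaMember();
      Set<Class<?>> seen = new HashSet<>();  // binding types already on this method
      for (Annotation a : method.getAnnotations()) seen.add(a.annotationType());
      for (Class<?> iface : ifaces) {
        for (Annotation a : declaredOn(iface, method)) {
          // Copy only interceptor bindings, and never add a type twice.
          if (a.annotationType().isAnnotationPresent(InterceptorBinding.class)
              && seen.add(a.annotationType())) {
            m.add(a);
          }
        }
      }
    }
  }

  // Annotations on the interface's declaration of the same method, if it has one.
  private static Annotation[] declaredOn(Class<?> iface, Method method) {
    try {
      return iface.getDeclaredMethod(method.getName(), method.getParameterTypes()).getAnnotations();
    } catch (NoSuchMethodException e) {
      return new Annotation[0];
    }
  }

  // Walks superclasses and super-interfaces, as the reply about the type hierarchy describes.
  private static void collectInterfaces(Class<?> type, Set<Class<?>> out) {
    for (Class<?> c = type; c != null; c = c.getSuperclass())
      for (Class<?> i : c.getInterfaces()) if (out.add(i)) collectInterfaces(i, out);
  }
}
```

The container picks the extension up from a META-INF/services/javax.enterprise.inject.spi.Extension file that names the class. An annotation already present on the implementation method is kept as written and is not overwritten by the interface's copy.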