[jboss-user] [EJB 3.0] - Programmatically query @RolesAllowed or if caller can access

[matt10]

How do I find out programmatically which other methods can be called on a session bean by an authenticated user from in a bean method?

>From a client I'm trying to query what methods the user can call on the session bean, in order to enable and disable menu items and functionality as appropriate on the client.

On the session bean I have created a method which is supposed to return a list of the methods accessible on the bean (simplified):

@PermitAll
public String[] getAllowedMethods() {
    ...
}

In this method I'm trying to iterate through the methods on the session bean checking to see if the caller has permission to access each one. I want to return a list of the accessible methods to the client. After a week of exploring, searching on forums and trying out code I cannot find a way to do this.

I could find no methods which give me access to this metadata from the bean so I've tried querying the annotations myself from a static class reference to the actual Session Bean (MySessionBean.class) but the annotations come back as proxies and code reports there are no @Remote, @RolesAllowed etc. annotations on the class I have a reference to, so I presume the ClassLoader is returning me a bean proxy.

I've looked at SessionContext, EJBHome, EJBMetaData seeking this security information about EJB methods but to no avail. All I have is a suspicion that the information I am looking for is available to interceptors.

Anyone know how to query bean methods for roles allowed at runtime?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3962286#3962286

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3962286