
We are planning to use EJBs for our service layer. We have HTTP clients and EJB clients.

We want to authorise a user action based on his roles. There are two kinds of users, admins and non-admins.

We configured a realm in the server and in the web tier the SecurityContext is populated by the server.

We basically want to write an interceptor and add it to the service methods. Whenever an EJB method is called, irrespective of which client layer the method is called from, the interceptor should be able to get the user name/id so that it can check for authorization.

Can anyone help me solve this?

Krishna Chaitanya
  • https://docs.oracle.com/javaee/6/tutorial/doc/gkeci.html You can do normal EJB/CDI injections inside an interceptor, such as `@Resource SecurityContext`, and do more than just injection: you can query the methods, or you can use the EJB's own built-in `@RolesAllowed` interceptors for this purpose. – maress Feb 17 '16 at 09:19
  • Thank you. I am using SecurityContext and it worked. – Krishna Chaitanya Feb 18 '16 at 02:55
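
An added example, not code from the question or its comments: one way to write the interceptor described above so that it sees the same caller identity for web-tier and remote EJB callers. It uses the standard `EJBContext` (`getCallerPrincipal()`, `isCallerInRole()`) rather than the `SecurityContext` mentioned in the comment; the `@AdminOnly` annotation, the class name and the role name `admin` are assumptions.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.security.Principal;
import javax.annotation.Resource;
import javax.ejb.EJBAccessException;
import javax.ejb.EJBContext;
import javax.interceptor.AroundInvoke;
import javax.interceptor.InvocationContext;

// Hypothetical marker for service methods that only admins may call.
// Package-private here, so the service beans must live in the same package.
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@interface AdminOnly {}

public class AuthorizationInterceptor {

    // Assumed role name; it must match a role mapped in the server realm.
    private static final String ADMIN_ROLE = "admin";

    // The container injects the context of the intercepted bean, so the
    // caller is the authenticated principal regardless of the client layer.
    @Resource
    private EJBContext ejbContext;

    @AroundInvoke
    public Object authorize(InvocationContext ic) throws Exception {
        Principal caller = ejbContext.getCallerPrincipal();
        boolean adminOnly = ic.getMethod().isAnnotationPresent(AdminOnly.class);

        // Reject before the business method runs; never after.
        if (adminOnly && !ejbContext.isCallerInRole(ADMIN_ROLE)) {
            throw new EJBAccessException(
                caller.getName() + " may not call " + ic.getMethod().getName());
        }
        return ic.proceed();
    }
}
```

Attach it with `@Interceptors(AuthorizationInterceptor.class)` on the bean class or method. The role passed to `isCallerInRole` has to be declared for the bean, for example with `@DeclareRoles("admin")`.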

0 Answers