4 Replies Latest reply on Jan 9, 2010 3:52 AM by sdnakhla

    Interceptor before s:hasPermission?

    sdnakhla

      I have an app with a relatively complex security requirement.  I need to be able to dynamically inject information into the working memory before the @Restrict(s:hasPermission...) call occurs using my Drools authorization rules.  I could just do the permission check programmatically, but decided that it would be better if I implemented an Interceptor that would handle adding the objects to the working memory before the permission check is called.


      I've done just that, but it appears to me that my Interceptor is not being called before the @Restrict() permission check occurs.  I've added some simple logging statements to both my Drools security rule and my Interceptor, and the Drools statements always get called first.  What do I need to do to ensure that my Interceptor is called before the @Restrict() permission check or any other Interceptor is called?  Is there a specific around parameter that I need to add to my Interceptor definition?  Am I missing anything?  Thanks for any help you can give me.


      Steve

        • 1. Re: Interceptor before s:hasPermission?
          mwohlf

          Hi Steve,


          did you check Tobia's Interceptor in
          this thread as far as I understand it wraps all of Seam's Interceptors.

          • 2. Re: Interceptor before s:hasPermission?
            sdnakhla

            I used that as the basis for my interceptor.  However, the permission check still seems to be occurring before my interceptor is called.  Here is how I have it setup:


            I have a method that I wish to protect, but need to inject an object into the working memory before the permission check occurs.  My method looks like this:




            @MyAnnotation
            public class MyClass {
            
            @Restrict("{s:hasPermission('blah', 'blah')}")
            public void myMethod(){
            ...
            }
            }





            I would expect my interceptor to be called before s:hasPermission goes through.  However, I get an AuthorizationException every time, and logging statements in my interceptor are never being displayed, leading me to believe that the permission check is failing before my interceptor. 


            Any thoughts as to how I can get around this issue?

            • 3. Re: Interceptor before s:hasPermission?
              mwohlf

              make sure you use InterceptorType.CLIENT and the SecurityInterceptor.class in the arround set:


              @Interceptor(
                      stateless=true,
                      type=InterceptorType.CLIENT,
                      around = {
                              BijectionInterceptor.class,
                              MethodContextInterceptor.class,
                              ConversationInterceptor.class,
                              SynchronizationInterceptor.class,
                              ConversationalInterceptor.class,
                              RemoveInterceptor.class,
                              SeamInterceptor.class,
                              SecurityInterceptor.class,
                              TransactionInterceptor.class,
                              EventInterceptor.class,
                              HibernateSessionProxyInterceptor.class,
                              ManagedEntityInterceptor.class
                      })



              • 4. Re: Interceptor before s:hasPermission?
                sdnakhla

                Ahhh much better.  The interceptor type was what was missing.  Thanks for your help.