4 Replies Latest reply: Jan 9, 2010 3:52 AM by Akhbar Falafel RSS

Interceptor before s:hasPermission?

Akhbar Falafel Newbie

I have an app with a relatively complex security requirement.  I need to be able to dynamically inject information into the working memory before the @Restrict(s:hasPermission...) call occurs using my Drools authorization rules.  I could just do the permission check programmatically, but decided that it would be better if I implemented an Interceptor that would handle adding the objects to the working memory before the permission check is called.


I've done just that, but it appears to me that my Interceptor is not being called before the @Restrict() permission check occurs.  I've added some simple logging statements to both my Drools security rule and my Interceptor, and the Drools statements always get called first.  What do I need to do to ensure that my Interceptor is called before the @Restrict() permission check or any other Interceptor is called?  Is there a specific around parameter that I need to add to my Interceptor definition?  Am I missing anything?  Thanks for any help you can give me.


Steve

  • 1. Re: Interceptor before s:hasPermission?
    Michael Wohlfart Expert

    Hi Steve,


    did you check Tobia's Interceptor in
    this thread as far as I understand it wraps all of Seam's Interceptors.

  • 2. Re: Interceptor before s:hasPermission?
    Akhbar Falafel Newbie

    I used that as the basis for my interceptor.  However, the permission check still seems to be occurring before my interceptor is called.  Here is how I have it setup:


    I have a method that I wish to protect, but need to inject an object into the working memory before the permission check occurs.  My method looks like this:




    @MyAnnotation
    public class MyClass {
    
    @Restrict("{s:hasPermission('blah', 'blah')}")
    public void myMethod(){
    ...
    }
    }





    I would expect my interceptor to be called before s:hasPermission goes through.  However, I get an AuthorizationException every time, and logging statements in my interceptor are never being displayed, leading me to believe that the permission check is failing before my interceptor. 


    Any thoughts as to how I can get around this issue?

  • 3. Re: Interceptor before s:hasPermission?
    Michael Wohlfart Expert

    make sure you use InterceptorType.CLIENT and the SecurityInterceptor.class in the arround set:


    @Interceptor(
            stateless=true,
            type=InterceptorType.CLIENT,
            around = {
                    BijectionInterceptor.class,
                    MethodContextInterceptor.class,
                    ConversationInterceptor.class,
                    SynchronizationInterceptor.class,
                    ConversationalInterceptor.class,
                    RemoveInterceptor.class,
                    SeamInterceptor.class,
                    SecurityInterceptor.class,
                    TransactionInterceptor.class,
                    EventInterceptor.class,
                    HibernateSessionProxyInterceptor.class,
                    ManagedEntityInterceptor.class
            })



  • 4. Re: Interceptor before s:hasPermission?
    Akhbar Falafel Newbie

    Ahhh much better.  The interceptor type was what was missing.  Thanks for your help.