We might need to log every attempt (authorized and unauthorized) to access a stateless EJB in our application. What's the right way to implement this?
The EJBs are secured by a JAAS security domain with the DatabaseServerLoginModule. We considered EJB interceptors, but they are not invoked unless the request goes through the AOP interceptors implementing JAAS security (AuthenticationInterceptor and RoleBasedAuthorizationInterceptor) specified in the ejb3-interceptors-aop.xml. So, we cannot log authorization failures in the EJB interceptor.

Is adding an interceptor to the "Stateless Bean" domain, between the 2 interceptors above, the right way to go? If so, do we need to modify the ejb-interceptors-aop.xml in the jboss/server/.../deploy folder, or is there a way to extend/override the "Stateless Bean" domain through a deployment descriptor deployed with our ear that would only affect the EJBs deployed with our ear?

Thank you

View the original post: http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3949656#3949656
