Sorry, "Subject" field was not complete in my original post "sbivol" wrote : We might need to log every attempt (authorized and unauthorized) to access a stateless EJB in our application. What's the right way to implement this? | | The EJBs are secured by a JAAS security domain with the DatabaseServerLoginModule. | | We considered EJB interceptors, but they are not invoked unless the request goes through the aop interceptors implementing JAAS security (AuthenticationInterceptor and RoleBasedAuthorizationInterceptor) specified in the ejb3-interceptors-aop.xml. So, we cannot log authorization failures in the EJB interceptor. | | Is adding an interceptor to the "Stateless Bean" domain, between the 2 interceptors above, the right way to go? | | If so, do we need to modify the ejb-interceptors-aop.xml in the jboss/server/.../deploy folder, or is there a way to extend/override the "Stateless Bean" domain through a deployment descriptor deployed with our ear that would only affect the EJBs deployed with our ear. | | Thank you
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3950459#3950459 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3950459 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
