So I updated my pointcut to try to advise my EJBs directly (instead of trying to advise the container's authorization interceptor), but I'm not having success.
JBoss' own aspect/interceptor seems to be taking precedence over my own pointcut, which I find hard to explain, and the JBoss aspect is firing instead of my own.
This is my aspect definition:
@Pointcut("call( @(javax.annotation.security..*) * *.*(..))")
public void securedEJB(){}
@Around( "securedEJB()" )
public Object logEJBAccess( ProceedingJoinPoint pjp ) throws Throwable{
logger.warn("EJB CHECK HERE!!!!!!!!!!!");
Object o = null;
try {
o = pjp.proceed();
} catch (Throwable e) {
logger.error("EJB Threw Exception " + e );
e.printStackTrace();
throw e;
}
return o;
}
Yet, for all my secured EJB methods, I get the JBoss aspect that is checking for security rights prior to my own calls to method and hence this advice is never ever run.
An example of a call is:
OrganizationManager om = (OrganizationManager)SessionBeanLocator.getSessionBean(OrganizationManager.class);
om.getThirdPartyOrgsForLogin( "asdf", null );
System.out.println( "OM" + om );
Where OM is the interface to the EJB bean:
@PermitAll
@TransactionAttribute(TransactionAttributeType.NEVER)
public List getThirdPartyOrgsForLogin(String username, BusinessContextInfo contextInfo) throws IzoneBusinessException {
...
...
}
Any ideas what I can do?
Thanks,
Eric