Java Reference
In-Depth Information
When the removeBid() method is called, the @Secured interceptor binding will inter-
cept the call. @Secured is bound to SecurityCheckInterceptor , and @Audited
is bound to AuditInterceptor . Because @Audited is used to define @Secured ,
when the removeBid() method is called, both SecurityCheckInterceptor and
AuditInterceptor are called before removeBid() . This satisfies the concern that
secure business logic is also required to be audited without fail.
Because there are two interceptors bound to the two bindings, you may be asking yourself
which interceptor will be executed first. When using EJB interceptors, the order was very
clear (see section 5.3.5 ). But how does CDI interceptor ordering work?
The answer is the beans.xml file. When listing interceptors, you not only tell CDI what
interceptors are active but also what order they're to be executed in. For removeBid()
it's probably a good idea to audit any calls to this method first before the security check is
performed. Listing AuditInterceptor first guarantees it'll be called before Secur-
ityCheckInterceptor :
If CDI interceptors are mixed with EJB interceptors, the EJB interceptors go first, followed
by the CDI ones. So the order of interceptor execution would be as follows:
1 . Interceptors in the @Interceptors annotation
2 . Interceptors in ejb-jar.xml
3 . List of CDI interceptors in beans.xml
Search WWH ::

Custom Search