}
}
When the removeBid() method is called, the @Secured interceptor binding will intercept the call. @Secured is bound to SecurityCheckInterceptor, and @Audited is bound to AuditInterceptor. Because @Audited is used to define @Secured, when the removeBid() method is called, both SecurityCheckInterceptor and AuditInterceptor are called before removeBid(). This satisfies the concern that secure business logic is also required to be audited without fail.
Because there are two interceptors bound to the two bindings, you may be asking yourself which interceptor will be executed first. When using EJB interceptors, the order was very clear (see section 5.3.5). But how does CDI interceptor ordering work?
The answer is the beans.xml file. When listing interceptors, you not only tell CDI what interceptors are active but also what order they're to be executed in. For removeBid() it's probably a good idea to audit any calls to this method first before the security check is performed. Listing AuditInterceptor first guarantees it'll be called before SecurityCheckInterceptor:
<beans
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://java.sun.com/xml/ns/javaee
        http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
    <interceptors>
        <class>com.bazaar.AuditInterceptor</class>
        <class>com.bazaar.SecurityCheckInterceptor</class>
    </interceptors>
</beans>
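The following added example, not taken from the original text, shows one way the two bindings and their interceptors could be written so that, with AuditInterceptor listed first in beans.xml, a removeBid() call rejected by the security check is still recorded. The "admin" user-name policy, the "audit" logger name and the injected Principal are assumptions made for illustration.

```java
package com.bazaar;
import java.lang.annotation.*;
import java.security.Principal;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.interceptor.*;

// Shown in one file for brevity; in a project each type is public in its own file.
@InterceptorBinding
@Retention(RetentionPolicy.RUNTIME) @Target({ElementType.TYPE, ElementType.METHOD})
@interface Audited {}

@InterceptorBinding
@Audited   // meta-annotation: anything marked @Secured is also @Audited
@Retention(RetentionPolicy.RUNTIME) @Target({ElementType.TYPE, ElementType.METHOD})
@interface Secured {}

@Audited @Interceptor
class AuditInterceptor {
    private static final Logger LOG = Logger.getLogger("audit"); // assumed logger name
    @Inject Principal caller;  // built-in bean in a Java EE container
    @AroundInvoke
    Object audit(InvocationContext ctx) throws Exception {
        String call = caller.getName() + " -> " + ctx.getMethod().getName();
        LOG.info("ATTEMPT " + call);        // written before any check runs
        try {
            Object result = ctx.proceed();  // next in chain: SecurityCheckInterceptor
            LOG.info("OK " + call);
            return result;
        } catch (Exception e) {
            LOG.warning("FAILED " + call + ": " + e);  // covers denied calls too
            throw e;
        }
    }
}

@Secured @Interceptor
class SecurityCheckInterceptor {
    @Inject Principal caller;
    @AroundInvoke
    Object check(InvocationContext ctx) throws Exception {
        // Hypothetical policy: only the user named "admin" may proceed.
        if (!"admin".equals(caller.getName())) {
            throw new SecurityException("denied: " + ctx.getMethod().getName());
        }
        return ctx.proceed();               // reaches removeBid()
    }
}
```

If the two <class> entries in beans.xml were swapped, the SecurityException would be thrown before AuditInterceptor ran and the denied attempt would leave no audit record.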
If CDI interceptors are mixed with EJB interceptors, the EJB interceptors go first, followed by the CDI ones. So the order of interceptor execution would be as follows:
1. Interceptors in the @Interceptors annotation
2. Interceptors in ejb-jar.xml
3. List of CDI interceptors in beans.xml