Before we begin developing our services, as part of the design process, we decided that we wanted to restrict access to some methods based on the User
role and that some methods would require a Transaction
object to be present.
To be able to develop an interceptor that we can use in our services, there are a few pieces that must be created, as shown in the following list:
We need to define an
enum
function for the possible roles using the following code:public enum RoleType { GUEST, USER, ORDER_PROCESSOR, ADMIN; }
We also need an annotation that we can add to methods to inform CDI that we want them to be intercepted:
@InterceptorBinding @Target( { TYPE, METHOD } ) @Retention( RUNTIME ) public @interface Secure { @Nonbinding RoleType[] rolesAllowed() default {}; }
Note
We specified the
RoleType
as@Nonbinding
as its value is only important to the interceptor implementation and nothing else.Within...