Win a copy of Micro Frontends in Action this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Webservice filter on OC4j for annotated EJBs

Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I have a web application that uses ejbs. The application uses filters defined in the web.xml for security and such on all calls. So far so good. I have one ejb that I'm exposing as a webservice using the @Webservice annotation. The problem I have is that I need have all calls to this webservice go through the servlet filter but because the directly exposed ejb isn't part of the web module it obviously doesn't get caught by the filter. (The annotated webservice appears in a seperate context based on the ejb-module name by default).

I feel that I'm missing something here. I want to use the annotation ('cause it's handy) but I have a requirement to run all calls through this filter. Can I:

1. Somehow include (wrap) the annotated ejb service into the war file? (i.e. still making use of the @webservice annotation)
2. Find some way of applying the web filter to the directly exposed ejb?

I get the feeling that there's an obvious solution to this that's just eluding me.

Thanks for any help

Ranch Hand
Posts: 2198
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do you know that for EJB based endpoints, you can use EJB method-level security?
If not, here is a tutorial on how to do security in EJBs:
However, the calls to the web service will still not go through your servlet filter.
My experiences tells me that EJB endpoints are (always or just often?) wrapped in a servlet by the container when being deployed. Since I have never seen anything about this in the JAX-WS specifications, I assume that this is implementation-specific behaviour and thus should not be relied upon.
If you still want to chose this option, I guess it is possible to see to that your servlet filter is applied to that servlet too. Again, note that you risk the portability etc. of your application.
Best wishes!
Dave Lane
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ivan,

Yeah, I've pretty much got to go with the web filter: that's just in-house architecture of the apps in here. I'll look into applying the filter to the container's servlet, but I'd say it would probably be easier just to use the (in this case Oracle) assembler tool to generate the interface and implement a pojo implementation that calls the bean through a service layer. It just feels like a step backwards not to be using annotations, you know?

Thanks for your help.

Don't get me started about those stupid light bulbs.
    Bookmark Topic Watch Topic
  • New Topic