This week's book giveaway is in the JavaScript forum.
We're giving away four copies of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js and have Paul Jensen on-line!
See this thread for details.
Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Webservice filter on OC4j for annotated EJBs  RSS feed

 
Dave Lane
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I have a web application that uses ejbs. The application uses filters defined in the web.xml for security and such on all calls. So far so good. I have one ejb that I'm exposing as a webservice using the @Webservice annotation. The problem I have is that I need have all calls to this webservice go through the servlet filter but because the directly exposed ejb isn't part of the web module it obviously doesn't get caught by the filter. (The annotated webservice appears in a seperate context based on the ejb-module name by default).

I feel that I'm missing something here. I want to use the annotation ('cause it's handy) but I have a requirement to run all calls through this filter. Can I:

1. Somehow include (wrap) the annotated ejb service into the war file? (i.e. still making use of the @webservice annotation)
2. Find some way of applying the web filter to the directly exposed ejb?

I get the feeling that there's an obvious solution to this that's just eluding me.

Thanks for any help

D
 
Ivan Krizsan
Ranch Hand
Posts: 2198
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!
Do you know that for EJB based endpoints, you can use EJB method-level security?
If not, here is a tutorial on how to do security in EJBs: http://www.netbeans.org/kb/docs/javaee/secure-ejb.html
However, the calls to the web service will still not go through your servlet filter.
My experiences tells me that EJB endpoints are (always or just often?) wrapped in a servlet by the container when being deployed. Since I have never seen anything about this in the JAX-WS specifications, I assume that this is implementation-specific behaviour and thus should not be relied upon.
If you still want to chose this option, I guess it is possible to see to that your servlet filter is applied to that servlet too. Again, note that you risk the portability etc. of your application.
Best wishes!
 
Dave Lane
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ivan,

Yeah, I've pretty much got to go with the web filter: that's just in-house architecture of the apps in here. I'll look into applying the filter to the container's servlet, but I'd say it would probably be easier just to use the (in this case Oracle) assembler tool to generate the interface and implement a pojo implementation that calls the bean through a service layer. It just feels like a step backwards not to be using annotations, you know?

Thanks for your help.

D
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!