I am using Deltaspike SecurityInterceptor to authorize methods with @LoggedIn annotation.
At the same time I am authenticating user with token at ContainerRequestFilter.
@Inject
AuthenticationService authenticationService;
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
String authToken = requestContext.getHeaderString(AUTH_TOKEN);
try {
authenticationService.authenticateWithToken(authToken);
} catch (LoginException e) {
log.info(e.getMessage());
}
}
I have faced the problem that container firstly executes SecurityInterceptor and then ContainerRequestFilter and user gets not authenticated.
Is there any way to change the execution order?
My beans.xml:
<beans xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
<interceptors>
<class>org.apache.deltaspike.security.impl.extension.SecurityInterceptor</class>
</interceptors>
From javaee7 documentation:
But interceptors and filters doesn't has any execution correlation, filters act on web request, interceptors are CDI objects, i think that any runtime execution dependency is a design error.
Where is the interceptor annotation? Which class?