Package security

Annotation Interface AccessCheck

@InterceptorBinding @Target({METHOD,TYPE}) @Retention(RUNTIME) public @interface AccessCheck
Interceptor binding annotation for securing individual CDI bean methods.

Place this annotation on a method to indicate it requires access control. The AbstractAccessCheckInterceptor will intercept the method call and verify the caller's permissions before allowing execution.

Access rights can be granted in two ways:

  1. Declarative (InMemory): Specify allowedRoles() directly in the annotation. The InMemorySecuredResourceScanner reads these at deploy time and stores them together with the secured resource. The paired InMemoryAccessCheckInterceptor enforces access based on these declared roles. This is the default approach provided by the DynTabs library — zero configuration, everything is in the code. 
    
       @AccessCheck(resourceDisplayName = "Generate PDF Report",
                    allowedRoles = {"ADMIN", "MANAGER"})
       public void generatePdfReport() { ... }
  2. DB-based: The developer creates a custom DBSecuredResourceScanner (extending AbstractSecuredResourceScanner) that registers secured resources in a database table, ignoring the allowedRoles attribute. Access rules are managed through an Admin UI where roles are granted permissions on resources. A paired DBAccessCheckInterceptor reads allowed roles from the database at runtime.

NOTE: @Nonbinding is required on all attributes, otherwise CDI would treat different attribute values as different interceptor bindings, and the interceptor would not fire for methods with non-default values.

Author:
DynTabs
See Also:

  • Optional Element Summary

    Optional Elements
    Modifier and Type
    Optional Element
    Description
    String[]
    allowedRoles
    Roles allowed to invoke this method (declarative access control).
    String
    resourceDisplayName
    Human-readable display name for this secured resource.

  • Element Details

    • resourceDisplayName

      String resourceDisplayName
      Human-readable display name for this secured resource.

      Shown in admin UIs for security management. Can be a literal string (e.g. "Generate PDF Report") or a resource bundle key for i18n.

      Default:
      ""

    • allowedRoles

      String[] allowedRoles
      Roles allowed to invoke this method (declarative access control).

      Used by the InMemorySecuredResourceScanner / InMemoryAccessCheckInterceptor pair. Comma-separated role names, e.g. {"ADMIN", "MANAGER"}.

      Ignored by DB-based implementations, where access rules are managed through an Admin UI and stored in the database.

      Default:
      {}