  1. Rules Repository
  2. RSPEC-3281

Default EJB interceptors should be declared in "ejb-jar.xml"

    Details

    • Type: Vulnerability Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      Move this default interceptor to "ejb-jar.xml"
    • Default Severity:
      Blocker
    • Impact:
      High
    • Likelihood:
      High
    • Default Quality Profiles:
      Sonar way
    • Covered Languages:
      Java
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      5min
    • Analysis Scope:
      Main Sources
    • OWASP:
      A6

      Description

      Default interceptors, such as application security interceptors, must be listed in the ejb-jar.xml file, or they will not be treated as default.

      This rule applies to projects that contain JEE Beans (any one of javax.ejb.Singleton, MessageDriven, Stateless or Stateful).

      Noncompliant Code Example

      // file: ejb-interceptors.xml
      <assembly-descriptor>
        <interceptor-binding> <!-- should be declared in ejb-jar.xml -->
          <ejb-name>*</ejb-name>
          <interceptor-class>com.myco.ImportantInterceptor</interceptor-class> <!-- Noncompliant; will NOT be treated as default -->
        </interceptor-binding>
      </assembly-descriptor>
      

      Compliant Solution

      // file: ejb-jar.xml
      <assembly-descriptor>
        <interceptor-binding>
          <ejb-name>*</ejb-name>
          <interceptor-class>com.myco.ImportantInterceptor</interceptor-class>
        </interceptor-binding>
      </assembly-descriptor>
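
The check described above, as an added example (not the rule's own implementation): it walks a project tree and reports every `<interceptor-binding>` with `<ejb-name>*</ejb-name>` that sits in an XML file not named ejb-jar.xml. The function names, the per-bean.xml file and the OrderBean name are assumptions, and the scan does not verify that the project contains JEE beans.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample descriptor, mirroring the binding shown in the rule.
BINDING = """<assembly-descriptor>
  <interceptor-binding>
    <ejb-name>{name}</ejb-name>
    <interceptor-class>com.myco.ImportantInterceptor</interceptor-class>
  </interceptor-binding>
</assembly-descriptor>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # '{ns}ejb-name' -> 'ejb-name'

def texts(elem, child):
    return [(c.text or "").strip() for c in elem if local(c.tag) == child]

def default_bindings(xml_data):
    """Return interceptor classes bound to all beans (<ejb-name>*</ejb-name>)."""
    found = []
    for elem in ET.fromstring(xml_data).iter():
        if local(elem.tag) == "interceptor-binding" and "*" in texts(elem, "ejb-name"):
            found += texts(elem, "interceptor-class")
    return found

def misplaced_default_interceptors(root_dir):
    """List (relative path, class) for default bindings outside ejb-jar.xml."""
    issues = []
    for path in sorted(Path(root_dir).rglob("*.xml")):
        if path.name == "ejb-jar.xml":
            continue  # the only file where a default binding takes effect
        try:
            classes = default_bindings(path.read_bytes())
        except ET.ParseError:
            continue  # not well-formed XML, nothing to judge
        issues += [(path.relative_to(root_dir).as_posix(), cls) for cls in classes]
    return issues

def demo():
    # Constructed project: the same binding written to three descriptor files.
    with tempfile.TemporaryDirectory() as tmp:
        for fname, ejb in [("ejb-jar.xml", "*"), ("ejb-interceptors.xml", "*"),
                           ("per-bean.xml", "OrderBean")]:
            Path(tmp, fname).write_text(BINDING.format(name=ejb), encoding="utf-8")
        return misplaced_default_interceptors(tmp)
```

Only the wildcard binding in ejb-interceptors.xml is reported; the per-bean binding is not a default interceptor and the copy in ejb-jar.xml is where the rule wants it.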
      

              People

              • Assignee:
                Unassigned
                Reporter:
                ann.campbell.2 Ann Campbell