I would like to create a custom annotation to decorate methods which would restrict access to method calls.
My annotation is defined below:
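    import java.lang.annotation.Documented;
    import java.lang.annotation.Inherited;
    import java.lang.annotation.Retention;
    import java.lang.annotation.RetentionPolicy;

    @Inherited
    @Documented
    @Retention(RetentionPolicy.RUNTIME)
    public @interface Restrict {
        // Role categories a caller can be required to hold
        public enum RoleType {ALL, ROLE_A, ROLE_B, ROLE_C, ROLE_D}
        String roleLevel();
        RoleType roleType();
    }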
Then using the annotation like the following. The annotation receives two parameters, one being the required minimum roleType, the other the required minimum role level.
    @Restrict(roleType = RoleType.ALL, roleLevel = "user")
    String deleteSomething() {
        // delete intended whatever
        return "success"; // JSF navigation outcome
    }
My intent is, when any call to a Managed Bean method that is decorated with this annotation, as in the method described above “deleteSomething()”, occurs, this call would be intercepted and the parameters set on the method compared to the logged-in user's appropriate session values. If the logged-in user's session role values are high enough, the Managed Bean’s method will be allowed to be invoked, otherwise the user is either redirected or an appropriate message is displayed.
My question is this: is there a way I can “hook” into what methods are being called to then, through reflection, see if there is a @Restrict annotation on the method and then process said annotation? I’ve tried doing this in a PhaseListener class, but I’m not sure how to find out what Managed Bean is being called to perform reflection on. I’ve read about a custom ELResolver, but I’m not sure if this is anything that will help me. I’ve also tried to find a way to simply create a listener that somehow knows when a method that is annotated with @Restrict has been invoked.
Environment Specifics:
Tomcat 6.0.35 (considering upgrading to Tomcat 7.0.27)
JSF version 2.1.7
RichFaces 4.1.0
I’m just looking for some guidance and some options available to me. Thank you to anyone who can help me with this!
You can achieve this by implementing a custom ActionListener which is registered as a global <action-listener> in the faces-config.xml.
By coincidence, someone else asked and answered the same question this week: Custom Annotation JSF. Note that JAAS is not required for the particular purpose, just grab the User from the session by FacesContext the usual way.
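One way to write the global ActionListener described in the answer above, as an added example that is not code from the original posts. It assumes `Restrict` is in the same package, a hypothetical `User` interface with a `satisfies(Restrict)` method holding the application's role comparison, and the logged-in user stored under the session key "user".

```java
import java.lang.reflect.Method;
import javax.el.MethodExpression;
import javax.faces.application.FacesMessage;
import javax.faces.component.ActionSource2;
import javax.faces.context.FacesContext;
import javax.faces.event.AbortProcessingException;
import javax.faces.event.ActionEvent;
import javax.faces.event.ActionListener;

// Register in faces-config.xml: <application><action-listener>RestrictActionListener</action-listener></application>
public class RestrictActionListener implements ActionListener {

    /** Hypothetical session type; the real role comparison belongs to the application. */
    public interface User { boolean satisfies(Restrict required); }

    private final ActionListener delegate; // default listener, passed in by JSF

    public RestrictActionListener(ActionListener delegate) { this.delegate = delegate; }

    @Override
    public void processAction(ActionEvent event) throws AbortProcessingException {
        FacesContext ctx = FacesContext.getCurrentInstance();
        MethodExpression action = event.getComponent() instanceof ActionSource2
                ? ((ActionSource2) event.getComponent()).getActionExpression() : null;
        // Literal outcomes such as action="home" call no bean method, so nothing to check.
        if (action != null && !action.isLiteralText() && !isAllowed(ctx, action.getExpressionString())) {
            ctx.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, "Access denied", null));
            return; // skip the delegate: the action method is never invoked
        }
        delegate.processAction(event);
    }

    private boolean isAllowed(FacesContext ctx, String el) {
        // "#{bean.deleteSomething}" or "#{bean.delete(item)}" -> base "bean", method "deleteSomething"
        String body = el.replaceAll("^#\\{|\\}$", "").replaceAll("\\(.*$", "").trim();
        int dot = body.lastIndexOf('.');
        if (dot < 0) return false; // unrecognised expression shape: fail closed
        Object bean = ctx.getApplication().evaluateExpressionGet(ctx, "#{" + body.substring(0, dot) + "}", Object.class);
        if (bean == null) return false;
        String name = body.substring(dot + 1);
        User user = (User) ctx.getExternalContext().getSessionMap().get("user"); // assumed session key
        for (Method m : bean.getClass().getMethods()) { // EL only invokes public methods
            Restrict required = m.getAnnotation(Restrict.class);
            if (required != null && m.getName().equals(name) && (user == null || !user.satisfies(required))) {
                return false; // annotated and the current user does not qualify (or is not logged in)
            }
        }
        return true;
    }
}
```

This guards only methods bound through a component's action attribute. Methods bound through actionListener, Ajax listeners or value-change listeners do not pass through the global ActionListener and need their own check.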