Class RolesAllowedDynamicFeature

  • All Implemented Interfaces:
    javax.ws.rs.container.DynamicFeature

    public class RolesAllowedDynamicFeature
    extends java.lang.Object
    implements javax.ws.rs.container.DynamicFeature
    A DynamicFeature supporting the javax.annotation.security.RolesAllowed, javax.annotation.security.PermitAll and javax.annotation.security.DenyAll on resource methods and sub-resource methods.

    The SecurityContext is utilized, using the SecurityContext.isUserInRole(String) method, to ascertain if the user is in one of the roles declared in by a @RolesAllowed. If a user is in none of the declared roles then a 403 (Forbidden) response is returned.

    If the @DenyAll annotation is declared then a 403 (Forbidden) response is returned.

    If the @PermitAll annotation is declared and is not overridden then this filter will not be applied.

    If a user is not authenticated and annotated method is restricted for certain roles then a 403 (Not Authenticated) response is returned.

    • Constructor Detail

      • RolesAllowedDynamicFeature

        public RolesAllowedDynamicFeature()
    • Method Detail

      • configure

        public void configure​(javax.ws.rs.container.ResourceInfo resourceInfo,
                              javax.ws.rs.core.FeatureContext configuration)
        Specified by:
        configure in interface javax.ws.rs.container.DynamicFeature