Interface SubjectSecurityContext

  • All Superinterfaces:
    javax.ws.rs.core.SecurityContext

    public interface SubjectSecurityContext
    extends javax.ws.rs.core.SecurityContext
    Security context that allows establishing a subject before a resource method or a sub-resource locator is called. Container or filters should set an implementation of this interface to the request context using ContainerRequest.setSecurityContext(javax.ws.rs.core.SecurityContext). When Jersey detects this kind of context is in the request scope, it will use doAsSubject(java.security.PrivilegedAction) method to dispatch the request to a resource method (or to call a sub-resource locator).
    • Field Summary

      • Fields inherited from interface javax.ws.rs.core.SecurityContext

        BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH
    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      java.lang.Object doAsSubject​(java.security.PrivilegedAction action)
      Jersey wraps calls to resource methods and sub-resource locators in PrivilegedAction instance and passes it to this method when dispatching a request.
      • Methods inherited from interface javax.ws.rs.core.SecurityContext

        getAuthenticationScheme, getUserPrincipal, isSecure, isUserInRole
    • Method Detail

      • doAsSubject

        java.lang.Object doAsSubject​(java.security.PrivilegedAction action)
        Jersey wraps calls to resource methods and sub-resource locators in PrivilegedAction instance and passes it to this method when dispatching a request. Implementations should do the needful to establish a Subject and invoke the PrivilegedAction passed as the parameter using Subject.doAs(javax.security.auth.Subject, java.security.PrivilegedAction).

        The privileged action passed into the method may, when invoked, fail with either WebApplicationException or ProcessingException. Both these exceptions must be propagated to the caller without a modification.

        Parameters:
        action - PrivilegedAction that represents a resource or sub-resource locator method invocation to be executed by this method after establishing a subject.
        Returns:
        result of the action.
        Throws:
        java.lang.NullPointerException - if the PrivilegedAction is null.
        java.lang.SecurityException - if the caller does not have permission to invoke the Subject#doAs(Subject, PrivilegedAction) method.
        javax.ws.rs.WebApplicationException - propagated exception from the privileged action. May be thrown in case the invocation of resource or sub-resource locator method in the privileged action results in this exception.
        javax.ws.rs.ProcessingException - propagated exception from the privileged action. May be thrown in case the invocation of resource or sub-resource locator method in the privileged action has failed or resulted in a non-checked exception.