Class RolesAllowedDynamicFeature
java.lang.Object
org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature
- All Implemented Interfaces:
javax.ws.rs.container.DynamicFeature
public class RolesAllowedDynamicFeature
extends Object
implements javax.ws.rs.container.DynamicFeature
A
DynamicFeature
supporting the javax.annotation.security.RolesAllowed
,
javax.annotation.security.PermitAll
and javax.annotation.security.DenyAll
on resource methods and sub-resource methods.
The SecurityContext
is utilized, using the
SecurityContext.isUserInRole(String)
method,
to ascertain if the user is in one
of the roles declared in by a @RolesAllowed
. If a user is in none of
the declared roles then a 403 (Forbidden) response is returned.
If the @DenyAll
annotation is declared then a 403 (Forbidden) response
is returned.
If the @PermitAll
annotation is declared and is not overridden then
this filter will not be applied.
If a user is not authenticated and annotated method is restricted for certain roles then a 403
(Not Authenticated) response is returned.-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionprivate static class
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoid
configure
(javax.ws.rs.container.ResourceInfo resourceInfo, javax.ws.rs.core.FeatureContext configuration)
-
Constructor Details
-
RolesAllowedDynamicFeature
public RolesAllowedDynamicFeature()
-
-
Method Details
-
configure
public void configure(javax.ws.rs.container.ResourceInfo resourceInfo, javax.ws.rs.core.FeatureContext configuration) - Specified by:
configure
in interfacejavax.ws.rs.container.DynamicFeature
-