public class RolesAllowedDynamicFeature extends Object implements DynamicFeature
A DynamicFeature supporting the jakarta.annotation.security.RolesAllowed,
jakarta.annotation.security.PermitAll and jakarta.annotation.security.DenyAll
annotations on resource methods and sub-resource methods.
The SecurityContext is utilized, using the
SecurityContext.isUserInRole(String) method,
to ascertain if the user is in one
of the roles declared by a @RolesAllowed. If a user is in none of
the declared roles then a 403 (Forbidden) response is returned.
If the @DenyAll annotation is declared then a 403 (Forbidden) response
is returned.
If the @PermitAll annotation is declared and is not overridden then
this filter will not be applied.
If a user is not authenticated and the annotated method is restricted to certain roles then a 403
(Not Authenticated) response is returned.

| Constructor and Description |
|---|
| RolesAllowedDynamicFeature() |
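
How the annotations described in the class summary behave once the feature is registered, as an added example that is not part of the Jersey documentation. `ReportsApp`, `ReportsResource`, `DemoAuthFilter`, the role names and the demo token are hypothetical.

```java
import jakarta.annotation.Priority;
import jakarta.annotation.security.*;
import jakarta.ws.rs.*;
import jakarta.ws.rs.container.*;
import jakarta.ws.rs.core.SecurityContext;
import java.security.Principal;
import java.util.*;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature;

public class ReportsApp extends ResourceConfig { // hypothetical application
    public ReportsApp() {
        // The annotations are only enforced once the feature is registered.
        register(RolesAllowedDynamicFeature.class);
        register(DemoAuthFilter.class);
        register(ReportsResource.class);
    }

    @Path("reports")
    public static class ReportsResource {
        @GET @RolesAllowed({"auditor", "admin"})  // 403 unless the user is in one of these roles
        public String list() { return "reports"; }
        @DELETE @RolesAllowed("admin")            // an auditor gets 403 here
        public void purge() { }
        @GET @Path("legacy") @DenyAll             // 403 for every caller
        public String legacy() { return "unreachable"; }
        @GET @Path("health") @PermitAll           // role filter is not applied
        public String health() { return "ok"; }
    }

    @Priority(Priorities.AUTHENTICATION)          // must run before the role check
    public static class DemoAuthFilter implements ContainerRequestFilter {
        // Constructed demo tokens; a real filter validates a session or signed token.
        private static final Map<String, Set<String>> TOKENS = Map.of("demo-auditor-token", Set.of("auditor"));
        @Override
        public void filter(ContainerRequestContext ctx) {
            String token = ctx.getHeaderString("Authorization");
            Set<String> roles = token == null ? null : TOKENS.get(token);
            if (roles == null) return;            // unauthenticated: restricted methods answer 403
            boolean secure = ctx.getSecurityContext().isSecure();
            ctx.setSecurityContext(new SecurityContext() {
                public Principal getUserPrincipal() { return () -> "demo-user"; }
                public boolean isUserInRole(String role) { return roles.contains(role); }
                public boolean isSecure() { return secure; }
                public String getAuthenticationScheme() { return "demo"; }
            });
        }
    }
}
```

The role check relies entirely on the `SecurityContext` that an earlier filter or the container installs, so whatever populates it is the component that has to validate the caller's credentials.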

| Modifier and Type | Method and Description |
|---|---|
| void | configure(ResourceInfo resourceInfo, FeatureContext configuration) A callback method called by the JAX-RS runtime during the application deployment to register provider instances or classes in a runtime configuration scope of a particular resource or sub-resource method; i.e. |

public void configure(ResourceInfo resourceInfo, FeatureContext configuration)
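Description copied from interface: DynamicFeature
A callback method called by the JAX-RS runtime during the application deployment to register provider instances or
classes in a runtime configuration scope of a particular
resource or sub-resource method; i.e. the providers that should be dynamically bound
to the method.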
The registered provider instances or classes are expected to be implementing one or more of the following interfaces:
A provider instance or class that does not implement any of the interfaces above may be ignored by the JAX-RS
implementation. In such case a warning message must be logged. JAX-RS
implementations may support additional provider contracts that can be registered using a dynamic feature concept.
Conceptually, this callback method is called during a resource or sub-resource method
discovery phase (typically once per each discovered resource or sub-resource method) to register provider instances
or classes in a configuration scope of each particular method identified by the supplied resource information. The responsibility of the feature is to properly update the supplied configuration
context.
Specified by: configure in interface DynamicFeature
Parameters:
resourceInfo - resource class and method information.
configuration - configurable resource or sub-resource method-level runtime context associated with the
resourceInfo in which the feature

Copyright © 2007-2021, Oracle and/or its affiliates. All Rights Reserved. Use is subject to license terms.