org.glassfish.jersey.server.filter
Class RolesAllowedDynamicBinder

java.lang.Object
  org.glassfish.jersey.server.filter.RolesAllowedDynamicBinder

All Implemented Interfaces:

DynamicBinder<ContainerRequestFilter>

public class RolesAllowedDynamicBinder
extends java.lang.Object
implements DynamicBinder<ContainerRequestFilter>

A DynamicBinder supporting the javax.annotation.security.RolesAllowed, javax.annotation.security.PermitAll and javax.annotation.security.DenyAll on resource methods and sub-resource methods.

The SecurityContext is utilized, using the SecurityContext.isUserInRole(String) method, to ascertain if the user is in one of the roles declared in by a @RolesAllowed. If a user is in none of the declared roles then a 403 (Forbidden) response is returned.

If the @DenyAll annotation is declared then a 403 (Forbidden) response is returned.

If the @PermitAll annotation is declared and is not overridden then this filter will not be applied.

Author:

Paul Sandoz (paul.sandoz at oracle.com), Martin Matula (martin.matula at oracle.com)

Constructor Summary

RolesAllowedDynamicBinder()

Method Summary

ContainerRequestFilter

getBoundProvider(ResourceInfo resourceInfo)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RolesAllowedDynamicBinder

public RolesAllowedDynamicBinder()

Method Detail

getBoundProvider

public ContainerRequestFilter getBoundProvider(ResourceInfo resourceInfo)

Specified by:

getBoundProvider in interface DynamicBinder<ContainerRequestFilter>