org.glassfish.jersey.server.filter

Class RolesAllowedDynamicFeature

java.lang.Object

org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature

All Implemented Interfaces:

javax.ws.rs.container.DynamicFeature

public class RolesAllowedDynamicFeature
extends Object
implements javax.ws.rs.container.DynamicFeature

A DynamicFeature supporting the javax.annotation.security.RolesAllowed, javax.annotation.security.PermitAll and javax.annotation.security.DenyAll on resource methods and sub-resource methods.

The SecurityContext is utilized, using the SecurityContext.isUserInRole(String) method, to ascertain if the user is in one of the roles declared in by a @RolesAllowed. If a user is in none of the declared roles then a 403 (Forbidden) response is returned.

If the @DenyAll annotation is declared then a 403 (Forbidden) response is returned.

If the @PermitAll annotation is declared and is not overridden then this filter will not be applied.

Author:

Paul Sandoz (paul.sandoz at oracle.com), Martin Matula (martin.matula at oracle.com)

Constructor Summary

Constructors

Constructor and Description
RolesAllowedDynamicFeature()

Method Summary

Methods

Modifier and Type	Method and Description
void	configure(javax.ws.rs.container.ResourceInfo resourceInfo, javax.ws.rs.core.FeatureContext configuration)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RolesAllowedDynamicFeature

public RolesAllowedDynamicFeature()

Method Detail

configure

public void configure(javax.ws.rs.container.ResourceInfo resourceInfo,
             javax.ws.rs.core.FeatureContext configuration)

Specified by:

configure in interface javax.ws.rs.container.DynamicFeature