org.glassfish.jersey.server.filter
Class RolesAllowedDynamicBinder

java.lang.Object
  extended by org.glassfish.jersey.server.filter.RolesAllowedDynamicBinder
All Implemented Interfaces:
DynamicBinder<ContainerRequestFilter>

public class RolesAllowedDynamicBinder
extends java.lang.Object
implements DynamicBinder<ContainerRequestFilter>

A DynamicBinder supporting the javax.annotation.security.RolesAllowed, javax.annotation.security.PermitAll and javax.annotation.security.DenyAll annotations on resource methods and sub-resource methods.

The SecurityContext is used, via the SecurityContext.isUserInRole(String) method, to ascertain whether the user is in one of the roles declared by a @RolesAllowed annotation. If a user is in none of the declared roles then a 403 (Forbidden) response is returned.

If the @DenyAll annotation is declared then a 403 (Forbidden) response is returned.

If the @PermitAll annotation is declared and is not overridden then this filter will not be applied.
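
The decision rules described above, written out as an added example that is not Jersey's own code. It assumes the javax.annotation.security annotations are on the classpath; the `Reports` class, the `decide` helper and the order in which method-level annotations take precedence over class-level ones are assumptions for illustration, and a `Predicate<String>` stands in for SecurityContext.isUserInRole(String).

```java
import java.lang.reflect.Method;
import java.util.function.Predicate;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;

public class RolesDecisionSketch {

    // Constructed sample resource: a class-level default with per-method overrides.
    @RolesAllowed("admin")
    static class Reports {
        public void list() {}                                  // falls back to class-level "admin"
        @RolesAllowed({"auditor", "admin"}) public void read() {}
        @PermitAll public void health() {}                     // overrides the class-level roles
        @DenyAll public void purge() {}                        // refused for every caller
    }

    /** Returns 403 when the request would be refused, 200 when it would proceed. */
    static int decide(Method m, Predicate<String> isUserInRole) {
        if (m.isAnnotationPresent(DenyAll.class)) {
            return 403;
        }
        RolesAllowed ra = m.getAnnotation(RolesAllowed.class);
        if (ra == null && !m.isAnnotationPresent(PermitAll.class)) {
            // Nothing declared on the method: use the class-level declaration (assumed order).
            ra = m.getDeclaringClass().getAnnotation(RolesAllowed.class);
        }
        if (ra == null) {
            return 200;                                        // no role filter applies
        }
        for (String role : ra.value()) {
            if (isUserInRole.test(role)) {
                return 200;                                    // one matching role is enough
            }
        }
        return 403;                                            // user is in none of the declared roles
    }

    public static void main(String[] args) throws Exception {
        Predicate<String> auditor = "auditor"::equals;         // constructed caller with one role
        for (String name : new String[] {"list", "read", "health", "purge"}) {
            System.out.println(name + " -> " + decide(Reports.class.getMethod(name), auditor));
        }
    }
}
```

A method with no annotation on either the method or its class gets no role check at all in this sketch, so an unannotated resource is reachable by any caller unless a class-level default is declared.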

Author:
Paul Sandoz (paul.sandoz at oracle.com), Martin Matula (martin.matula at oracle.com)

Constructor Summary
RolesAllowedDynamicBinder()
           
 
Method Summary
 ContainerRequestFilter getBoundProvider(ResourceInfo resourceInfo)
          Get the filter or interceptor instance or class that should be bound to the particular resource method.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RolesAllowedDynamicBinder

public RolesAllowedDynamicBinder()
Method Detail

getBoundProvider

public ContainerRequestFilter getBoundProvider(ResourceInfo resourceInfo)
Description copied from interface: DynamicBinder
Get the filter or interceptor instance or class that should be bound to the particular resource method. May return null.

The returned provider instance or class is expected to implement one or more of the following interfaces:

A provider instance or class that does not implement any of the interfaces above is ignored and a warning message is logged.

If the returned object is a Class<P>, JAX-RS runtime will resolve the class to an instance of type P by first looking at the already registered provider instances. If there is already a provider instance of the class registered, the JAX-RS runtime will use it, otherwise a new provider instance of the class will be instantiated, injected and registered by the JAX-RS runtime.

If resolving the returned provider class to an instance fails for any reason, the dynamically bound provider class is ignored and a warning message is logged.

The method is called during the (sub)resource method discovery phase (typically once per discovered (sub)resource method) to return a filter instance that should be bound to a particular (sub)resource method identified by the supplied resource information.

Specified by:
getBoundProvider in interface DynamicBinder<ContainerRequestFilter>
Parameters:
resourceInfo - resource class and method information.
Returns:
a filter or interceptor instance that should be dynamically bound to the (sub)resource method or null otherwise.


Copyright © 2007-2012 Oracle Corporation. All Rights Reserved. Use is subject to license terms.