public class RolesAllowedResourceFilterFactory extends java.lang.Object implements ResourceFilterFactory
ResourceFilterFactory
supporting the RolesAllowed
,
PermitAll
and DenyAll
on resource methods sub-resource methods,
and sub-resource locators.
The SecurityContext
is utilized, using the
SecurityContext.isUserInRole(java.lang.String)
method,
to ascertain if the user is in one
of the roles declared in by a RolesAllowed
. If a user is in none of
the declared roles then a 403 (Forbidden) response is returned.
If the DenyAll
annotation is declared then a 403 (Forbidden) response
is returned.
If the PermitAll
annotation is declared and is not overridden then
this filter will not be applied.
When an application is deployed as a Servlet or Filter this Jersey resource filter can be registered using the following initialization parameter:
<init-param> <param-name>com.sun.jersey.spi.container.ResourceFilters</param-name> <param-value>com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory</param-value> </init-param>
com.sun.jersey.api.container.filter
Constructor and Description |
---|
RolesAllowedResourceFilterFactory() |
Modifier and Type | Method and Description |
---|---|
java.util.List<ResourceFilter> |
create(AbstractMethod am)
Create a list of
ResourceFilter instance given a method
of the abstract resource model. |
public java.util.List<ResourceFilter> create(AbstractMethod am)
ResourceFilterFactory
ResourceFilter
instance given a method
of the abstract resource model.
When applying the list of resource filters to a request each resource filter is applied, in order, from the first to last entry in the list. When applying the list of resource filters to a response each resource filter is applied, in reverse order, from the last to first entry in the list.
create
in interface ResourceFilterFactory
am
- the abstract method. This may be an instance
of the following: AbstractResourceMethod
,
AbstractSubResourceMethod
or AbstractSubResourceLocator
.Copyright © 2016 Oracle Corporation. All Rights Reserved.