A DynamicFeature supporting the javax.annotation.security.RolesAllowed, javax.annotation.security.PermitAll and javax.annotation.security.DenyAll annotations on resource methods and sub-resource methods.

The SecurityContext is utilized, using the SecurityContext.isUserInRole(String) method, to ascertain if the user is in one of the roles declared by a @RolesAllowed annotation. If the user is in none of the declared roles, then a 403 (Forbidden) response is returned. If the @DenyAll annotation is declared, then a 403 (Forbidden) response is returned. If the @PermitAll annotation is declared and is not overridden, then this filter will not be applied. If a user is not authenticated and the annotated method is restricted to certain roles, then a 403 (Not Authenticated) response is returned.
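The following is an added example, not code from the Jersey project: a resource carrying all three annotations, together with the authentication filter that must populate the SecurityContext before RolesAllowedDynamicFeature can call isUserInRole(String). The header name "X-Demo-User", the user "alice" and the role names are constructed for this illustration.

```java
// Added example (not from the Jersey Javadoc). The header, user and roles are constructed.
import javax.annotation.Priority;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;
import java.security.Principal;
import java.util.Set;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature;

@Path("/reports")
public class ReportsResource {
    @GET @Path("/public") @PermitAll                    // filter not applied: no role check
    public String summary() { return "public summary"; }

    @GET @Path("/detail") @RolesAllowed({"auditor", "admin"})
    public String detail() { return "restricted detail"; }  // 403 unless isUserInRole matches

    @GET @Path("/legacy") @DenyAll                      // always 403
    public String legacy() { return "unreachable"; }
}

// Runs at AUTHENTICATION priority, i.e. before the roles filter (AUTHORIZATION), and installs
// the SecurityContext. Without it getUserPrincipal() is null and every @RolesAllowed method
// answers 403. Trusting a bare header is for the demo only; derive identity from a verified
// credential in a real deployment.
@Provider
@Priority(Priorities.AUTHENTICATION)
class HeaderAuthFilter implements ContainerRequestFilter {
    @Override
    public void filter(ContainerRequestContext ctx) {
        final String user = ctx.getHeaderString("X-Demo-User");      // constructed header
        if (user == null) return;                                      // stay anonymous
        final Set<String> roles = "alice".equals(user) ? Set.of("auditor") : Set.of();
        final boolean secure = ctx.getSecurityContext().isSecure();
        ctx.setSecurityContext(new SecurityContext() {
            public Principal getUserPrincipal() { return () -> user; }
            public boolean isUserInRole(String role) { return roles.contains(role); }
            public boolean isSecure() { return secure; }
            public String getAuthenticationScheme() { return "DEMO"; }
        });
    }
}

class App extends ResourceConfig {   // register resource, auth filter and the dynamic feature
    App() { register(ReportsResource.class); register(HeaderAuthFilter.class);
            register(RolesAllowedDynamicFeature.class); }
}
```

With this configuration, GET /reports/detail with X-Demo-User: alice succeeds, the same request without the header or with a user lacking the auditor or admin role receives 403, /reports/legacy always receives 403, and /reports/public is never filtered.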