public class RolesAllowedDynamicFeature extends Object implements jakarta.ws.rs.container.DynamicFeature
jakarta.annotation.security.DenyAllon resource methods and sub-resource methods. The
SecurityContextis utilized, using the
SecurityContext.isUserInRole(String)method, to ascertain if the user is in one of the roles declared in by a
@RolesAllowed. If a user is in none of the declared roles then a 403 (Forbidden) response is returned. If the
@DenyAllannotation is declared then a 403 (Forbidden) response is returned. If the
@PermitAllannotation is declared and is not overridden then this filter will not be applied. If a user is not authenticated and annotated method is restricted for certain roles then a 403 (Not Authenticated) response is returned.
|Constructor and Description|
|Modifier and Type||Method and Description|
Copyright © 2007-2021, Oracle and/or its affiliates. All Rights Reserved. Use is subject to license terms.