Class RolesAllowedDynamicFeature

java.lang.Object
org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature
All Implemented Interfaces:
DynamicFeature

public class RolesAllowedDynamicFeature extends Object implements DynamicFeature
A DynamicFeature supporting the jakarta.annotation.security.RolesAllowed, jakarta.annotation.security.PermitAll and jakarta.annotation.security.DenyAll annotations on resource methods and sub-resource methods.

The SecurityContext is used, via the SecurityContext.isUserInRole(String) method, to determine whether the user is in one of the roles declared by @RolesAllowed. If the user is in none of the declared roles, a 403 (Forbidden) response is returned.

If the @DenyAll annotation is declared then a 403 (Forbidden) response is returned.

If the @PermitAll annotation is declared and is not overridden then this filter will not be applied.

If a user is not authenticated and the annotated method is restricted to certain roles, a 403 (Not Authenticated) response is returned.
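The rules above, shown on a small application. This is an added example, not code from the Jersey project; the class names, paths and role names (ReportsApp, ReportsResource, "auditor", "admin") are hypothetical.

```java
import jakarta.annotation.security.DenyAll;
import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.SecurityContext;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature;

// Hypothetical application: class, path and role names are illustrative only.
public class ReportsApp extends ResourceConfig {

    public ReportsApp() {
        // Jersey does not enforce the security annotations unless the feature is registered.
        register(RolesAllowedDynamicFeature.class);
        register(ReportsResource.class);
    }

    @Path("reports")
    @PermitAll // class-level default: no role check unless a method overrides it
    public static class ReportsResource {

        @GET
        @Path("public")
        public String summary() { // inherits @PermitAll, so the filter is not applied
            return "summary";
        }

        @GET
        @Path("audit")
        @RolesAllowed({"auditor", "admin"}) // overrides @PermitAll: 403 unless isUserInRole() matches one role
        public String audit(@Context SecurityContext sc) {
            // The principal is non-null here: unauthenticated callers were already rejected with 403.
            return "audit log requested by " + sc.getUserPrincipal().getName();
        }

        @DELETE
        @Path("audit")
        @DenyAll // always 403, whatever roles the caller holds
        public void purge() {
            throw new IllegalStateException("unreachable while @DenyAll is enforced");
        }
    }
}
```

The role checks are only as trustworthy as the SecurityContext behind them, so the container or an authentication filter that runs earlier in the request chain must populate it with the verified principal and roles.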

Author:
Paul Sandoz, Martin Matula
  • Constructor Details

    • RolesAllowedDynamicFeature

      public RolesAllowedDynamicFeature()
  • Method Details