Class RolesAllowedDynamicFeature
java.lang.Object
org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature
- All Implemented Interfaces:
DynamicFeature
A
DynamicFeature
supporting the jakarta.annotation.security.RolesAllowed
,
jakarta.annotation.security.PermitAll
and jakarta.annotation.security.DenyAll
on resource methods and sub-resource methods.
The SecurityContext
is utilized, using the
SecurityContext.isUserInRole(String)
method,
to ascertain if the user is in one
of the roles declared in by a @RolesAllowed
. If a user is in none of
the declared roles then a 403 (Forbidden) response is returned.
If the @DenyAll
annotation is declared then a 403 (Forbidden) response
is returned.
If the @PermitAll
annotation is declared and is not overridden then
this filter will not be applied.
If a user is not authenticated and annotated method is restricted for certain roles then a 403
(Not Authenticated) response is returned.- Author:
- Paul Sandoz, Martin Matula
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoid
configure
(ResourceInfo resourceInfo, FeatureContext configuration)
-
Constructor Details
-
RolesAllowedDynamicFeature
public RolesAllowedDynamicFeature()
-
-
Method Details
-
configure
- Specified by:
configure
in interfaceDynamicFeature
-