- All Implemented Interfaces:
jakarta.annotation.security.DenyAll on resource methods and sub-resource methods. The SecurityContext is utilized, using the SecurityContext.isUserInRole(String) method, to ascertain if the user is in one of the roles declared by a @RolesAllowed. If a user is in none of the declared roles then a 403 (Forbidden) response is returned. If the @DenyAll annotation is declared then a 403 (Forbidden) response is returned. If the @PermitAll annotation is declared and is not overridden then this filter will not be applied. If a user is not authenticated and the annotated method is restricted for certain roles then a 403 (Not Authenticated) response is returned.
- Paul Sandoz, Martin Matula
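
An added example (not part of the Jersey Javadoc or Jersey's own code) showing how the three annotations described above combine on one resource once the feature is registered. It assumes Jersey 3.x on the classpath; the class names `ReportsApp` and `Reports`, the paths and the role names are made up for illustration.

```java
// Added example, not Jersey's own code. Assumes Jersey 3.x (jakarta.* namespace).
import jakarta.annotation.security.DenyAll;
import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature;

public class ReportsApp extends ResourceConfig {

    public ReportsApp() {
        // Jersey does not act on the annotations below unless the feature is registered.
        register(RolesAllowedDynamicFeature.class);
        register(Reports.class);
        // The SecurityContext consulted by the feature must be populated
        // beforehand: by container authentication, or by a request filter
        // that runs at Priorities.AUTHENTICATION (ahead of the role check).
    }

    @Path("reports")
    @RolesAllowed("auditor") // class-level default (hypothetical role name)
    public static class Reports {

        // No method annotation: the class-level roles apply.
        // isUserInRole("auditor") false, or no authenticated user -> 403.
        @GET @Path("summary")
        public String summary() { return "summary"; }

        // Method-level @RolesAllowed replaces the class-level list:
        // an "auditor" who is not also "admin" gets 403 here.
        @GET @Path("raw") @RolesAllowed("admin")
        public String raw() { return "raw"; }

        // Method-level @PermitAll overrides the class-level roles: the
        // filter is not applied, so this feature makes no role check here.
        @GET @Path("health") @PermitAll
        public String health() { return "ok"; }

        // @DenyAll: 403 for every caller, whatever roles they hold.
        @GET @Path("legacy") @DenyAll
        public String legacy() { return "never returned"; }
    }
}
```

When reviewing a resource class, check each method's own annotation first; a class-level `@RolesAllowed` only protects methods that carry no security annotation of their own.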