public class RolesAllowedDynamicFeature extends Object implements DynamicFeature
javax.annotation.security.DenyAllon resource methods and sub-resource methods. The
SecurityContextis utilized, using the
SecurityContext.isUserInRole(String)method, to ascertain if the user is in one of the roles declared in by a
@RolesAllowed. If a user is in none of the declared roles then a 403 (Forbidden) response is returned. If the
@DenyAllannotation is declared then a 403 (Forbidden) response is returned. If the
@PermitAllannotation is declared and is not overridden then this filter will not be applied. If a user is not authenticated and annotated method is restricted for certain roles then a 403 (Not Authenticated) response is returned.
|Constructor and Description|
public void configure(ResourceInfo resourceInfo, FeatureContext configuration)
runtime configurationscope of a particular
resource or sub-resource method; i.e. the providers that should be dynamically bound to the method.
The registered provider instances or classes are expected to be implementing one or more of the following interfaces:
A provider instance or class that does not implement any of the interfaces
above may be ignored by the JAX-RS implementation. In such case a
warning message must be logged.
JAX-RS implementations may support additional provider contracts that
can be registered using a dynamic feature concept.
Conceptually, this callback method is called during a
resource or sub-resource method discovery phase (typically once per each discovered
resource or sub-resource method) to register provider instances or classes in a
configuration scope of each particular method identified by the supplied
The responsibility of the feature is to properly update the supplied
Copyright © 2007-2017, Oracle and/or its affiliates. All Rights Reserved. Use is subject to license terms.