public class RolesAllowedResourceFilterFactory extends java.lang.Object implements ResourceFilterFactory
ResourceFilterFactory supporting the RolesAllowed,
PermitAll and DenyAll on resource methods sub-resource methods,
and sub-resource locators.
The SecurityContext is utilized, using the
SecurityContext.isUserInRole(java.lang.String) method,
to ascertain if the user is in one
of the roles declared in by a RolesAllowed. If a user is in none of
the declared roles then a 403 (Forbidden) response is returned.
If the DenyAll annotation is declared then a 403 (Forbidden) response
is returned.
If the PermitAll annotation is declared and is not overridden then
this filter will not be applied.
When an application is deployed as a Servlet or Filter this Jersey resource filter can be registered using the following initialization parameter:
<init-param>
<param-name>com.sun.jersey.spi.container.ResourceFilters</param-name>
<param-value>com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory</param-value>
</init-param>
com.sun.jersey.api.container.filter| Constructor and Description |
|---|
RolesAllowedResourceFilterFactory() |
| Modifier and Type | Method and Description |
|---|---|
java.util.List<ResourceFilter> |
create(AbstractMethod am)
Create a list of
ResourceFilter instance given a method
of the abstract resource model. |
public java.util.List<ResourceFilter> create(AbstractMethod am)
ResourceFilterFactoryResourceFilter instance given a method
of the abstract resource model.
When applying the list of resource filters to a request each resource filter is applied, in order, from the first to last entry in the list. When applying the list of resource filters to a response each resource filter is applied, in reverse order, from the last to first entry in the list.
create in interface ResourceFilterFactoryam - the abstract method. This may be an instance
of the following: AbstractResourceMethod,
AbstractSubResourceMethod or AbstractSubResourceLocator.Copyright © 2016 Oracle Corporation. All Rights Reserved.