TinusSky
Reputation: 1737
@RolesAllowed is not working with custom SecurityContext in Jersey?
I have a simple jersey 2.4 resource:
@RolesAllowed("admin")
public List<Folder> list(){}
I also have a ContainerRequestFilter which sets custom securitycontext:
public void filter(ContainerRequestContext requestContext) throws IOException {
requestContext.setSecurityContext(new MySecurityContext(...));
}
In the list() function i do get the correct securitycontext: MySecurityContext. And a call "securityContext.isUserInRole("admin")" works.
But the annotation @RolesAllowed doesn't seem to do anything, the function isUserInRole of MySecurityContext is never called.
Do i need to do something special to get the @RolesAllowed to work?
Upvotes: 4
Views: 3416
Answers (2)
LeoMandrak
Reputation: 99
You can use this below in your web.xml
<context-param>
<param-name>resteasy.role.based.security</param-name>
<param-value>true</param-value>
</context-param>
Upvotes: 1
TinusSky
Reputation: 1737
Found it :-)
@RolesAllowed("admin") not @RolesAllowed("{admin}")
and the most important one:
register(RolesAllowedDynamicFeature.class);
Upvotes: 8
Related Questions
- @RolesAllowed doesn't work
- RolesAllowed Annotation in Jersey REST-Servlet not working
- SecurityContext doesn't work with @RolesAllowed
- Java jersey RestService ignoring @RolesAllowed
- JAX-RS (Jersey 2) security, @PermitAll and @RolesAllowed not working as expected
- @RolesAllowed always rejected (forbidden) on Jersey resource
- How to access Jersey resource secured by @RolesAllowed
- JAX-RS custom SecurityContext leads to wrong error code in Jersey
- Authorization with RolesAllowedDynamicFeature and Jersey
- Unable to retrieve security context from within Spring-Jersey