How to switch from authorization based on web.xml to authorization through annotations in the JAX-RS application

I have working container authentication and authorization (based on web.xml). Because of the <url-pattern> limitation, I need to switch to javax.annotation.security. I found out that I need additional configuration in my web.xml to enable role-based security annotations, as described in the RESTEasy User Guide.

But this does not work for me: I get a 404 error (Could not find resource for relative: /services/customers/1) depending on whether

    <servlet>
        <servlet-name>Resteasy</servlet-name>
        <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Resteasy</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

is defined in web.xml or not, immediately after <context-param> and <listener>.

This is my old (existing) web.xml:

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns="http://java.sun.com/xml/ns/javaee"
             xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             version="2.5">
        <display-name>Store_Service</display-name>
        <session-config>
            <session-timeout>10</session-timeout>
        </session-config>
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>SSL Secured WebService</web-resource-name>
                <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <user-data-constraint>
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
        </security-constraint>
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>Authenticated customers only</web-resource-name>
                <url-pattern>/services/customers/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                <role-name>CUST</role-name>
            </auth-constraint>
            <user-data-constraint>
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
        </security-constraint>
        <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>Authentication-REALM</realm-name>
        </login-config>
        <security-role>
            <role-name>CUST</role-name>
        </security-role>
        <security-role>
            <role-name>ADMIN</role-name>
        </security-role>
        <welcome-file-list>
            <welcome-file>/index.xhtml</welcome-file>
        </welcome-file-list>
        <context-param>
            <param-name>javax.faces.PROJECT_STAGE</param-name>
            <param-value>Development</param-value>
        </context-param>
    </web-app>

Which configuration items are still needed, and which need to be added, to make @RolesAllowed("CUST") work?

+8
java security authorization jboss resteasy
2 answers

I believe your web.xml needs the following:

    <context-param>
        <param-name>resteasy.role.based.security</param-name>
        <param-value>true</param-value>
    </context-param>

If all else fails, you can try the standard approach using SecurityContext:

    import javax.ws.rs.GET;
    import javax.ws.rs.Produces;
    import javax.ws.rs.core.Context;
    import javax.ws.rs.core.Response;
    import javax.ws.rs.core.SecurityContext;

    // Injected by the JAX-RS runtime; reflects the principal the container authenticated
    @Context
    SecurityContext myContext;

    @GET
    @Produces("text/html")
    public Response doGet() {
        // Reject callers that the container did not place in the CUST role
        if (!myContext.isUserInRole("CUST")) {
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        // Authorized: build the normal response here
        return Response.ok().build();
    }
+1

I'm not sure about RESTEasy, but if you want to do the same thing in Jersey, the link below may give you your answer: you register your security filter using a resource configuration, then add that resource configuration to the web.xml file.

http://howtodoinjava.com/jersey/jersey-rest-security/

0