  /*
   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
   *
   * Copyright (c) 2010-2011 Oracle and/or its affiliates. All rights reserved.
   *
   * The contents of this file are subject to the terms of either the GNU
   * General Public License Version 2 only ("GPL") or the Common Development
   * and Distribution License("CDDL") (collectively, the "License").  You
   * may not use this file except in compliance with the License.  You can
  * obtain a copy of the License at
  * http://glassfish.java.net/public/CDDL+GPL_1_1.html
  * or packager/legal/LICENSE.txt.  See the License for the specific
  * language governing permissions and limitations under the License.
  *
  * When distributing the software, include this License Header Notice in each
  * file and include the License file at packager/legal/LICENSE.txt.
  *
  * GPL Classpath Exception:
  * Oracle designates this particular file as subject to the "Classpath"
  * exception as provided by Oracle in the GPL Version 2 section of the License
  * file that accompanied this code.
  *
  * Modifications:
  * If applicable, add the following below the License Header, with the fields
  * enclosed by brackets [] replaced by your own identifying information:
  * "Portions Copyright [year] [name of copyright owner]"
  *
  * Contributor(s):
  * If you wish your version of this file to be governed by only the CDDL or
  * only the GPL Version 2, indicate your decision by adding "[Contributor]
  * elects to include this software in this distribution under the [CDDL or GPL
  * Version 2] license."  If you don't indicate a single choice of license, a
  * recipient has the option to distribute your version of this file under
  * either the CDDL, the GPL Version 2 or to extend the choice of license to
  * its licensees as provided above.  However, if you add GPL Version 2 code
  * and therefore, elected the GPL Version 2 license, then the option applies
  * only if the new code is made subject to such option by the copyright
  * holder.
  */
 package com.sun.jersey.api.container.filter;
 
 import java.util.List;
 
 import  javax.annotation.security.DenyAll;
 import  javax.annotation.security.PermitAll;
 import  javax.annotation.security.RolesAllowed;
A ResourceFilterFactory supporting the RolesAllowed, PermitAll and DenyAll annotations on resource methods, sub-resource methods, and sub-resource locators.

The SecurityContext is utilized, using the SecurityContext.isUserInRole method, to ascertain if the user is in one of the roles declared by a RolesAllowed annotation. If a user is in none of the declared roles then a 403 (Forbidden) response is returned.

If the DenyAll annotation is declared then a 403 (Forbidden) response is returned.

If the PermitAll annotation is declared and is not overridden then this filter will not be applied.

When an application is deployed as a Servlet or Filter this Jersey resource filter can be registered using the following initialization parameter:

     <init-param>
         <param-name>com.sun.jersey.spi.container.ResourceFilters</param-name>
         <param-value>com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory</param-value>
     </init-param>
 

Author(s):
Paul.Sandoz@Sun.Com
See also:
com.sun.jersey.api.container.filter
 
 
     // Security context injected via @Context; the inner Filter calls sc.isUserInRole(role)
     // on it for every role check, so all authorization decisions here depend on what it reports.
     private @Context SecurityContext sc;
     
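     /**
      * Request filter that enforces a {@code DenyAll} or {@code RolesAllowed} decision
      * for one resource method.
      *
      * <p>A request passes only when the filter was built with a role list and the
      * enclosing factory's {@code SecurityContext} reports the caller in at least one
      * of those roles. Every other case ends in a 403 (Forbidden) response, including
      * an empty role list. No distinction is made between an unauthenticated caller
      * and an authenticated caller lacking the role: both get 403.
      */
     private class Filter implements ResourceFilter, ContainerRequestFilter {

         // true: reject every request without consulting any role
         private final boolean denyAll;
         // role names that grant access; null only when denyAll is true
         private final String[] rolesAllowed;

         /** Creates a filter that rejects every request (the {@code DenyAll} case). */
         protected Filter() {
             this.denyAll = true;
             this.rolesAllowed = null;
         }

         /**
          * Creates a filter that admits only callers in one of the given roles.
          *
          * @param rolesAllowed role names that grant access; {@code null} is treated as
          *        an empty array, which admits nobody
          */
         protected Filter(String[] rolesAllowed) {
             this.denyAll = false;
             this.rolesAllowed = (rolesAllowed != null) ? rolesAllowed : new String[] {};
         }

         // ResourceFilter

         /** Returns this object, which is its own request filter. */
         @Override
         public ContainerRequestFilter getRequestFilter() {
             return this;
         }

         /** Returns {@code null}: responses are not filtered. */
         @Override
         public ContainerResponseFilter getResponseFilter() {
             return null;
         }

         // ContainerRequestFilter

         /**
          * Lets the request through when the caller holds one of the allowed roles.
          *
          * @param request the incoming request
          * @return the same request, unmodified, when access is granted
          * @throws WebApplicationException with status 403 (Forbidden) when the filter is
          *         deny-all or the caller is in none of the allowed roles
          */
         @Override
         public ContainerRequest filter(ContainerRequest request) {
             if (!denyAll) {
                 for (String role : rolesAllowed) {
                     if (sc.isUserInRole(role)) {
                         return request;
                     }
                 }
             }

             // Falling out of the role loop is the deny path; there is no default allow.
             throw new WebApplicationException(javax.ws.rs.core.Response.Status.FORBIDDEN);
         }
     }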
    
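    /**
     * Selects the security filter for a resource method from its {@code DenyAll},
     * {@code RolesAllowed} and {@code PermitAll} annotations.
     *
     * <p>Precedence, highest first: {@code DenyAll} on the method, {@code RolesAllowed}
     * on the method, {@code PermitAll} on the method, {@code RolesAllowed} on the
     * resource class.
     *
     * <p>Security note: {@code null} is returned both for {@code PermitAll} and for a
     * method that carries none of these annotations, so unannotated methods are left
     * without any role check by this factory. Access control here is opt-in per
     * method or per class.
     *
     * @param am the resource method, sub-resource method or sub-resource locator being configured
     * @return a single-element list holding the enforcing filter, or {@code null} when
     *         no filter is to be applied
     */
    @Override
    public List<ResourceFilter> create(AbstractMethod am) {
        // DenyAll on the method takes precedence over RolesAllowed and PermitAll
        if (am.isAnnotationPresent(DenyAll.class)) {
            return Collections.<ResourceFilter>singletonList(new Filter());
        }

        // RolesAllowed on the method takes precedence over PermitAll
        RolesAllowed ra = am.getAnnotation(RolesAllowed.class);
        if (ra != null) {
            return Collections.<ResourceFilter>singletonList(new Filter(ra.value()));
        }

        // PermitAll on the method takes precedence over RolesAllowed on the class
        if (am.isAnnotationPresent(PermitAll.class)) {
            return null;
        }

        // RolesAllowed on the class takes precedence over PermitAll on the class
        ra = am.getResource().getAnnotation(RolesAllowed.class);
        if (ra != null) {
            return Collections.<ResourceFilter>singletonList(new Filter(ra.value()));
        }

        // No need to check whether PermitAll is present on the class: with nothing
        // left to enforce, the method is left unfiltered either way.
        return null;
    }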