/*
 * Copyright (c) 2010-2011 Oracle and/or its affiliates. All rights reserved.
 * The contents of this file are subject to the terms of either the GNU
 * General Public License Version 2 only ("GPL") or the Common Development
 * and Distribution License("CDDL") (collectively, the "License").  You
 * may not use this file except in compliance with the License.  You can
 * obtain a copy of the License at
 * or packager/legal/LICENSE.txt.  See the License for the specific
 * language governing permissions and limitations under the License.
 * When distributing the software, include this License Header Notice in each
 * file and include the License file at packager/legal/LICENSE.txt.
 * GPL Classpath Exception:
 * Oracle designates this particular file as subject to the "Classpath"
 * exception as provided by Oracle in the GPL Version 2 section of the License
 * file that accompanied this code.
 * Modifications:
 * If applicable, add the following below the License Header, with the fields
 * enclosed by brackets [] replaced by your own identifying information:
 * "Portions Copyright [year] [name of copyright owner]"
 * Contributor(s):
 * If you wish your version of this file to be governed by only the CDDL or
 * only the GPL Version 2, indicate your decision by adding "[Contributor]
 * elects to include this software in this distribution under the [CDDL or GPL
 * Version 2] license."  If you don't indicate a single choice of license, a
 * recipient has the option to distribute your version of this file under
 * either the CDDL, the GPL Version 2 or to extend the choice of license to
 * its licensees as provided above.  However, if you add GPL Version 2 code
 * and therefore, elected the GPL Version 2 license, then the option applies
 * only if the new code is made subject to such option by the copyright
 * holder.
 */
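package com.sun.jersey.api.container.filter.servlet;

import com.sun.jersey.api.model.AbstractMethod;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
import com.sun.jersey.spi.container.ResourceFilterFactory;
import java.util.Collections;
import java.util.List;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
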
A ResourceFilterFactory supporting the RolesAllowed, PermitAll and DenyAll annotations on resource methods, sub-resource methods, and sub-resource locators.

The SecurityContext is utilized, using the isUserInRole method, to ascertain if the user is in one of the roles declared by a RolesAllowed annotation. If a user is in none of the declared roles then a 403 (Forbidden) response is returned.

If the DenyAll annotation is declared then a 403 (Forbidden) response is returned.

If the PermitAll annotation is declared and is not overridden then this filter will not be applied.

When an application is deployed as a Servlet or Filter this Jersey resource filter can be registered using the following initialization parameter:


See also:

public class RolesAllowedResourceFilterFactory implements ResourceFilterFactory {

    private @Context SecurityContext sc;

    private class Filter implements ResourceFilter, ContainerRequestFilter {
        private final boolean denyAll;
        private final String[] rolesAllowed;

        protected Filter() {
            this.denyAll = true;
            this.rolesAllowed = null;
        }

        protected Filter(String[] rolesAllowed) {
            this.denyAll = false;
            this.rolesAllowed = (rolesAllowed != null) ? rolesAllowed : new String[] {};
        }

        // ResourceFilter
        public ContainerRequestFilter getRequestFilter() {
            return this;
        }

        public ContainerResponseFilter getResponseFilter() {
            return null;
        }

        // ContainerRequestFilter
        public ContainerRequest filter(ContainerRequest request) {
            if (!denyAll) {
                for (String role : rolesAllowed) {
                    if (sc.isUserInRole(role))
                        return request;
                }
            }
            // Reached for DenyAll, or when the user is in none of the allowed roles
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
    }

    public List<ResourceFilter> create(AbstractMethod am) {
        // DenyAll on the method takes precedence over RolesAllowed and PermitAll
        if (am.isAnnotationPresent(DenyAll.class))
            return Collections.<ResourceFilter>singletonList(new Filter());
        // RolesAllowed on the method takes precedence over PermitAll
        RolesAllowed ra = am.getAnnotation(RolesAllowed.class);
        if (ra != null)
            return Collections.<ResourceFilter>singletonList(new Filter(ra.value()));
        // PermitAll takes precedence over RolesAllowed on the class
        if (am.isAnnotationPresent(PermitAll.class))
            return null;
        // RolesAllowed on the class takes precedence over PermitAll
        ra = am.getResource().getAnnotation(RolesAllowed.class);
        if (ra != null)
            return Collections.<ResourceFilter>singletonList(new Filter(ra.value()));
        // No need to check whether PermitAll is present.
        return null;
    }
}
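
The following is an added example, not part of the Jersey source above: a stand-alone audit sketch that applies the same order of checks as create(AbstractMethod) to constructed resource classes, so that methods ending up with no filter at all (no role check) are easy to spot. The annotations are local stand-ins for the javax.annotation.security ones so that no extra jars are needed; AccountResource, StatusResource and decide are hypothetical names.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class RolesAllowedPrecedenceDemo {
    // Local stand-ins for javax.annotation.security.* (assumption: same semantics).
    @Retention(RetentionPolicy.RUNTIME) @interface DenyAll {}
    @Retention(RetentionPolicy.RUNTIME) @interface PermitAll {}
    @Retention(RetentionPolicy.RUNTIME) @interface RolesAllowed { String[] value(); }

    // Constructed sample resources; class and method names are hypothetical.
    @RolesAllowed("user")
    static class AccountResource {
        @PermitAll public String ping() { return "ok"; }         // opts out of the class-level roles
        @RolesAllowed("admin") public void close() {}            // method roles replace class roles
        @DenyAll @RolesAllowed("admin") public void purge() {}   // DenyAll wins over RolesAllowed
        public String balance() { return "0"; }                  // inherits class-level roles
    }
    static class StatusResource {                                // no class-level annotation
        public String health() { return "up"; }                  // nothing declared anywhere
    }

    // Same order of checks as create(AbstractMethod) in the listing above.
    static String decide(Method m) {
        if (m.isAnnotationPresent(DenyAll.class))
            return "403 always";
        RolesAllowed ra = m.getAnnotation(RolesAllowed.class);
        if (ra != null)
            return "roles " + Arrays.toString(ra.value());
        if (m.isAnnotationPresent(PermitAll.class))
            return "no filter (explicit PermitAll)";
        ra = m.getDeclaringClass().getAnnotation(RolesAllowed.class);
        if (ra != null)
            return "roles " + Arrays.toString(ra.value());
        return "no filter (UNANNOTATED, review)";                // factory returns null here
    }

    public static void main(String[] args) {
        Class<?>[] resources = { AccountResource.class, StatusResource.class };
        for (Class<?> c : resources) {
            Method[] methods = c.getDeclaredMethods();
            Arrays.sort(methods, Comparator.comparing(Method::getName));
            for (Method m : methods)
                System.out.printf("%-16s %-8s -> %s%n",
                        c.getSimpleName(), m.getName(), decide(m));
        }
    }
}
```

A method with no annotation on a class without RolesAllowed falls through to the final return, so this filter factory applies no role check to it; access then depends on whatever the container enforces outside this filter.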