com.sun.jersey.api.container.filter.servlet

Class RolesAllowedResourceFilterFactory

java.lang.Object

com.sun.jersey.api.container.filter.servlet.RolesAllowedResourceFilterFactory

All Implemented Interfaces:

ResourceFilterFactory

public class RolesAllowedResourceFilterFactory
extends java.lang.Object
implements ResourceFilterFactory

A ResourceFilterFactory supporting the RolesAllowed, PermitAll and DenyAll on resource methods sub-resource methods, and sub-resource locators.

The SecurityContext is utilized, using the SecurityContext.isUserInRole(java.lang.String) method, to ascertain if the user is in one of the roles declared in by a RolesAllowed. If a user is in none of the declared roles then a 403 (Forbidden) response is returned.

If the DenyAll annotation is declared then a 403 (Forbidden) response is returned.

If the PermitAll annotation is declared and is not overridden then this filter will not be applied.

When an application is deployed as a Servlet or Filter this Jersey resource filter can be registered using the following initialization parameter:

     <init-param>
         <param-name>com.sun.jersey.spi.container.ResourceFilters</param-name>
         <param-value>com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory</param-value>
     </init-param>
 

Author:

Paul.Sandoz@Sun.Com

See Also:

com.sun.jersey.api.container.filter

Constructor Summary

Constructors

Constructor and Description
RolesAllowedResourceFilterFactory()

Method Summary

Methods

Modifier and Type	Method and Description
java.util.List<ResourceFilter>	create(AbstractMethod am)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RolesAllowedResourceFilterFactory

public RolesAllowedResourceFilterFactory()

Method Detail

create

public java.util.List<ResourceFilter> create(AbstractMethod am)

Specified by:

create in interface ResourceFilterFactory