About Question enthuware.ocejws.v6.2.320 :

Posted: Sun Apr 06, 2014 3:35 pm
by himaiMinh
For the sake of discussion, if the JAX-RS resource is deployed as a servlet, we can still use the @RolesAllowed annotation. Here is an example from Chapter 15, Security, of the Jersey user guide:

Code:

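import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;

// Class-level default: methods without their own annotation are open to all.
@Path("/")
@PermitAll
public class Resource {
    // Method-level annotation overrides the class-level @PermitAll.
    @RolesAllowed("user")
    @GET
    public String get() { return "GET"; }

    @RolesAllowed("admin")
    @POST
    public String post(String content) { return content; }

    // Sub-resource locator; the SubResource class is not shown in this post.
    @Path("sub")
    public SubResource getSubResource() {
        return new SubResource();
    }
}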

Re: About Question enthuware.ocejws.v6.2.320 :

Posted: Sun Apr 06, 2014 4:59 pm
by himaiMinh
Let me fix my previous post.
After some research on the web (http://docs.oracle.com/html/E13981_01/servsecr004.htm and http://pic.dhe.ibm.com/infocenter/wasin ... tions.html), I found that some security annotations are defined for EJB and others are defined for servlets.
For example:
@DeclareRoles is for Servlet 2.5 or above and EJB 3
@PermitAll, @RolesAllowed and @DenyAll are for EJB 3
@ServletSecurity is for Servlet 3.0
e.g. @ServletSecurity(httpMethodConstraints = {@HttpMethodConstraint(value = "GET", rolesAllowed = "All Role")})

As far as I can tell, @RolesAllowed cannot be used in a JAX-RS resource deployed as a servlet.

Re: About Question enthuware.ocejws.v6.2.320 :

Posted: Mon Apr 07, 2014 9:16 am
by fjwalraven
Correct.
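
Added example (not from either poster or from the Jersey guide): when the JAX-RS application sits behind a servlet mapping, the GET/user and POST/admin split from the first post can be declared as container-enforced constraints in web.xml. The /api/* URL pattern, the BASIC login method and the realm name are assumptions; the role names are the ones used in the posted resource.

```xml
<!-- Added example: Servlet 3.0 deployment descriptor fragment. -->
<!-- Assumption: the JAX-RS application is mapped to /api/*. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

    <!-- GET requires the "user" role. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>rest-read</web-resource-name>
            <url-pattern>/api/*</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint><role-name>user</role-name></auth-constraint>
    </security-constraint>

    <!-- POST requires the "admin" role. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>rest-write</web-resource-name>
            <url-pattern>/api/*</url-pattern>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint><role-name>admin</role-name></auth-constraint>
    </security-constraint>

    <!-- Every method not listed above (PUT, DELETE, HEAD, ...) is denied:
         an empty auth-constraint means no role is allowed. Without this
         block, unlisted methods would be left unconstrained. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>rest-other-methods</web-resource-name>
            <url-pattern>/api/*</url-pattern>
            <http-method-omission>GET</http-method-omission>
            <http-method-omission>POST</http-method-omission>
        </web-resource-collection>
        <auth-constraint/>
    </security-constraint>

    <!-- Assumption: BASIC authentication against a realm named "rest". -->
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>rest</realm-name>
    </login-config>

    <security-role><role-name>user</role-name></security-role>
    <security-role><role-name>admin</role-name></security-role>
</web-app>
```

These constraints apply per URL pattern and HTTP method, so they cannot distinguish two resource methods that share the same path and verb.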