dev@jersey.java.net

Re: [Jersey] Require SSL on a per-method basis?

From: James Russo <jr_at_halo3.net>
Date: Wed, 14 Apr 2010 08:43:50 -0400

Paul,

Any suggestions on annotation names? I've basically mirrored my implementation against the RolesRequired with a ResourceFilterFactory and an annotation called "SecureTransportRequired" and SecureTransportRequiredResourceFilterFactory.

Is there an existing example I can look at when implementing at the class level? I don't think the am.isAnnotationPresent() looks at the class-level annotation, does it?

thanks,

-jr

On Apr 14, 2010, at 3:16 AM, Paul Sandoz wrote:

>
> On Apr 13, 2010, at 7:44 PM, James Russo wrote:
>
>> Hello,
>>
>> Is there any way to enforce certain security requirements (like require https?) on certain RESTful methods? I'm thinking about writing an annotation to accomplish this (with a filter?), but wanted to know if there was a better way. If I do implement it, any interest in a patch to add this functionality? Any thoughts on annotation design?
>>
>> @RequireSecureChannel -> look for isSecure() method on request?
>>
>> My requirements are to just return forbidden, not attempt to redirect to the secure channel. It's an API interface. I suppose I could implement it at a servlet filter, but I'd rather keep the requirement of secure/non-secure close to the method itself.
>>
>
> A resource filter would be best, as you suggest. You could support the case that if the class is annotated then all resource methods, sub-resource methods and sub-resource locators are checked, unless they are overridden with an annotation that declares it does not care whether the request was made using a secure channel or not.
>
> And a contribution would be most welcome. Best way to do that is log an issue and attach a patch.
>
> Paul.
>
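The filter discussed in this thread, sketched against the Jersey 1.x resource-filter SPI as an added example (not code from either poster or from the Jersey project). `SecureTransportRequired` and the factory name come from the thread; the opt-out annotation `SecureTransportNotRequired` is a hypothetical name for the override Paul describes, and the class-level lookup goes through `am.getResource()`.

```java
import java.lang.annotation.*;
import java.util.Collections;
import java.util.List;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import com.sun.jersey.api.model.AbstractMethod;
import com.sun.jersey.spi.container.*;

public class SecureTransportRequiredResourceFilterFactory implements ResourceFilterFactory {

    // Name taken from the thread; may sit on a resource class or on a method.
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    public @interface SecureTransportRequired {}

    // Hypothetical opt-out for a single method inside an annotated class.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    public @interface SecureTransportNotRequired {}

    @Override
    public List<ResourceFilter> create(AbstractMethod am) {
        // Called once per resource method, sub-resource method and locator.
        // A method-level annotation wins over the class-level one.
        if (am.isAnnotationPresent(SecureTransportNotRequired.class))
            return null;
        // am.isAnnotationPresent() inspects the method only; the declaring
        // resource class is reached through am.getResource().
        if (am.isAnnotationPresent(SecureTransportRequired.class)
                || am.getResource().isAnnotationPresent(SecureTransportRequired.class))
            return Collections.<ResourceFilter>singletonList(new Filter());
        return null; // no requirement declared: no filter installed
    }

    private static final class Filter implements ResourceFilter, ContainerRequestFilter {
        public ContainerRequestFilter getRequestFilter() { return this; }
        public ContainerResponseFilter getResponseFilter() { return null; }

        public ContainerRequest filter(ContainerRequest request) {
            // isSecure() describes the connection the container itself accepted;
            // behind a TLS-terminating proxy it reports that internal hop.
            if (!request.isSecure())
                throw new WebApplicationException(Response.Status.FORBIDDEN);
            return request; // secure channel: let the request proceed
        }
    }
}
```

The factory takes effect once its class name is listed in the `com.sun.jersey.spi.container.ResourceFilters` property of the Jersey servlet or `ResourceConfig`.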