Annotations are cool, and since I am using EJBs underneath Jersey
as a persistence facade, I can already use @RolesAllowed and let Jersey
just throw the underlying exception in the case of non-authenticated
users... but:
annotations for security are perhaps a bit too much :)
Including the security constraints in the code forces us to change and
recompile the code every time we need to change the security mappings...
a bit too rigid for the real world...
It works, it is sexy, but in the real world I guess it will not be a big
bang :) let's see...
Thanks for your tips, they helped a lot. I need to refactor my code now :)
On Wed, Sep 16, 2009 at 7:30 PM, Marc Hadley <Marc.Hadley_at_sun.com> wrote:
> On Sep 16, 2009, at 1:17 PM, Felipe Gaúcho wrote:
>
>> So in Jersey we should never use a variable as the first element of a path:
>>
>> {var}/path2/path3
>>
>> if we want to secure these URLs...
>>
>> Boring :) so now I need to change my URLs to satisfy the web.xml :)
>>
> Indeed. In an EE 6 container you will be able to use @RolesAllowed to
> accomplish the same thing on a method or class level. I think this will be a
> better solution once it's available.
>
> Marc.
>
>>
>>
>> On Wed, Sep 16, 2009 at 7:10 PM, Marc Hadley <Marc.Hadley_at_sun.com> wrote:
>>>
>>> I think the problem is that web.xml isn't as expressive as you'd like. I
>>> think only a trailing * or *.something is supported. My guess is that if
>>> you tried:
>>>
>>> curl -v -H "Accept: application/json" -XPOST
>>> http://fgaucho.dyndns.org:8080/arena-http/*/homework/teste
>>>
>>> then you might hit the auth constraint.
>>>
>>> Marc.
>>>
>>> On Sep 16, 2009, at 11:58 AM, Felipe Gaúcho wrote:
>>>
>>>> @Path("{puj}/homework")
>>>> public class PujHomeworkResource {
>>>>     @POST
>>>>     @Path("{acronym}")
>>>>     public PujHomeworkEntity create(@PathParam("puj") String name,
>>>>             @PathParam("acronym") String acronym) { ...... }
>>>> }
>>>>
>>>> What is the pattern for the method create?
>>>>
>>>> The test curl command is something like:
>>>>
>>>> curl -v -H "Accept: application/json" -XPOST
>>>> http://fgaucho.dyndns.org:8080/arena-http/PUJCE-08/homework/teste
>>>>
>>>> but it passed straight through, without an authentication error...
>>>>
>>>> I tried in my web.xml
>>>>
>>>> <url-pattern>/*/homework/*</url-pattern>
>>>>
>>>> without success :(
>>>>
>>>>
>>>> <web-resource-collection>
>>>>   <web-resource-name>Create Homework is restricted to Professors</web-resource-name>
>>>>   <description />
>>>>   <url-pattern>/*/homework/*</url-pattern>
>>>>   <http-method>POST</http-method>
>>>> </web-resource-collection>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
>>>> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>>>>
>>>
>>>
>>
>>
>>
>> --
>> Looking for a client application for this service:
>> http://fgaucho.dyndns.org:8080/footprint-service/wadl
>>
>
>
--
Looking for a client application for this service:
http://fgaucho.dyndns.org:8080/footprint-service/wadl
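
The url-pattern behaviour discussed in this thread, as an added example that is not part of the original messages or of Jersey: a simplified matcher following the Servlet specification's mapping rules (path prefix ending in /*, *.extension, default /, exact), run against the two request paths from the thread. The class name, the treatment of /arena-http as the context root, and the /homework/... URL layout are assumptions made for illustration.

```java
import java.util.List;

public class UrlPatternDemo {

    // Servlet-spec matching of one <url-pattern> against a path relative to
    // the context root. Added illustration, not Jersey or container code.
    static boolean matches(String pattern, String path) {
        if (pattern.startsWith("/") && pattern.endsWith("/*")) {
            // Path-prefix mapping: only the trailing "/*" is a wildcard;
            // everything before it, including any other '*', is literal.
            String prefix = pattern.substring(0, pattern.length() - 2);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        if (pattern.startsWith("*.")) {
            // Extension mapping: compare the extension of the last segment.
            String last = path.substring(path.lastIndexOf('/') + 1);
            int dot = last.lastIndexOf('.');
            return dot >= 0 && last.substring(dot).equals(pattern.substring(1));
        }
        if (pattern.equals("/")) {
            return true; // default mapping
        }
        return pattern.equals(path); // exact mapping
    }

    public static void main(String[] args) {
        // Request paths from the thread, taken relative to /arena-http (assumed context root).
        List<String> paths = List.of(
                "/PUJCE-08/homework/teste",   // the POST target from the thread
                "/*/homework/teste",          // the literal-asterisk test from the thread
                "/homework/PUJCE-08/teste");  // hypothetical restructured URL
        List<String> patterns = List.of(
                "/*/homework/*",              // constraint from the thread
                "/homework/*");               // hypothetical fixed-prefix constraint
        for (String pattern : patterns) {
            for (String path : paths) {
                System.out.printf("%-16s %-28s %s%n", pattern, path,
                        matches(pattern, path) ? "constrained" : "NOT constrained");
            }
        }
    }
}
```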