Zoltan Arnold NAGY wrote:
> Paul Sandoz wrote:
>>
>> On Oct 7, 2009, at 5:36 PM, Felipe Gaucho wrote:
>>
>>> A filter?
>>>
>>
>> Yes, see ClientFilter and the source code for the LoggingFilter (see
>> below because java.net is so damn slow).
>>
>> You need to return an output stream in the implementation of
>> AbstractClientRequestAdapter .adapt that buffers the bytes then on
>> the close calculates the hash, sets the header and writes out the
>> bytes of the buffered output stream to the actual output stream.
> Thanks, it seems to be working. :)
>
> One question remains: is there a point setting the request's security
> context (user, principal, ...) in the filter,
> apart for providing it for general consumption outside jersey's scope
> (for the running container, I guess)?
>
Yes. It enables you to use the @RolesAllowed annotation on resource
classes (or methods) to do role-based access control for you.
> AFAICS, it's not used inside the resource in the example.
>
> Is there a way to extract the current securitycontext (or even enforce
> it) inside a resource?
> I found an old mail in the ML archives discussing it, but have it ever
> got implemented?
>
The "samples/atompub-contacts-server" sample app illustrates the use of
@RolesAllowed (note that there's an extra bit of configuration in
web.xml for this as well). If you want to use the security context more
dynamically, it can be injected (via @Context) like a lot of other
JAX-RS API objects.
Craig McClanahan
> Thanks,
> Zoltan
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>