Hi,
Say I have a requested resource located at:
/myapp/rest/accounts/{username}/state
(/myapp/rest/* is handled by the jersey ServletContainer used as a filter)
I want to ensure the user has the role admin or the username @PathParam equals the Principal's name.
((Every time I do the work, it has tended to be the long way around because later I find that there is a much more convenient/clean/elegant solution existing in Jersey.))
What I am doing (which seems like the long way) is having the following in a superclass that gets extended by most of my rest pojos. So, I have a convenience 'isAuthorized' method that allows users with the role 'admin' through or users that have Principals whose name matches the uri template variable.
Is there a better, jersey way of doing this?
import java.util.List;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;

// Injected by Jersey for the current request
@Context SecurityContext security;

// Name of the admin role referenced below (declaration assumed; the value "admin" is the role named above)
protected String adminRole = "admin";

protected boolean isAdmin() {
    return security.isUserInRole(adminRole);
}

protected boolean isTargetUser(String email) {
    // An unauthenticated request has no principal: treat it as "not the target user" instead of throwing an NPE
    return security.getUserPrincipal() != null
        && security.getUserPrincipal().getName().equalsIgnoreCase(email);
}

protected boolean isAuthorized(String email) {
    return isTargetUser(email) || isAdmin();
}

protected boolean isAuthorized(String email, String role) {
    ...
}

protected boolean isAuthorized(String email, List<String> roles) {
    ...
}
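One way to apply the same admin-or-owner check once, outside the resource classes, is a name-bound request filter; this is an added example, not code from the post, and it assumes the JAX-RS 2.0 (Jersey 2) filter API, a path template variable named `username`, an admin role named `admin`, and hypothetical names `OwnerOrAdmin` and `OwnerOrAdminFilter`.

```java
import java.io.IOException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.security.Principal;
import javax.annotation.Priority;
import javax.ws.rs.*; // GET, NameBinding, Path, PathParam, Priorities
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;

// Hypothetical name-binding annotation: resource methods tagged with it get the
// "admin or owner of {username}" check applied before the method body runs.
@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@interface OwnerOrAdmin {}

@OwnerOrAdmin
@Provider
@Priority(Priorities.AUTHORIZATION)
public class OwnerOrAdminFilter implements ContainerRequestFilter {
    static final String ADMIN_ROLE = "admin";        // role name from the post
    static final String USERNAME_PARAM = "username"; // template variable from the post

    @Override
    public void filter(ContainerRequestContext ctx) throws IOException {
        SecurityContext sc = ctx.getSecurityContext();
        Principal caller = (sc == null) ? null : sc.getUserPrincipal();
        if (caller == null) { // unauthenticated: reject explicitly rather than NPE into a 500
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }
        if (sc.isUserInRole(ADMIN_ROLE)) return; // admins may act on any account
        String target = ctx.getUriInfo().getPathParameters().getFirst(USERNAME_PARAM);
        if (target != null && target.equalsIgnoreCase(caller.getName())) return; // own account
        ctx.abortWith(Response.status(Response.Status.FORBIDDEN).build());
    }
}

// Usage: the resource method no longer needs an isAuthorized() call of its own.
@Path("/accounts")
class AccountResource {
    @GET @Path("{username}/state") @OwnerOrAdmin
    public String state(@PathParam("username") String username) {
        return "state of " + username; // placeholder body
    }
}
```

The filter must be registered with the application (for example via the ResourceConfig or package scanning) for the binding to take effect; a method without the annotation is not checked, so it fails open if the annotation is forgotten.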