users@jersey.java.net

Re: [Jersey] Using the Security Annotations

From: Ersin Er <ersin.er_at_gmail.com>
Date: Thu, 25 Mar 2010 18:49:01 +0200

Thanks, it works fine now.

On Thu, Mar 25, 2010 at 11:42, Paul Sandoz <Paul.Sandoz_at_sun.com> wrote:

> Hi,
>
> To enable the use of @RolesAllowed on say tomcat you need to declare the
> following request filter:
>
>
> https://jersey.dev.java.net/nonav/apidocs/latest/jersey/com/sun/jersey/api/container/filter/RolesAllowedResourceFilterFactory.html
>
> in your web.xml.
>
> Paul.
>
>
> On Mar 24, 2010, at 11:06 PM, Ersin Er wrote:
>
>> Hi,
>>
>> I am trying to secure my application using the JSR-250 Security
>> Annotations. I have a setup as follows:
>>
>> A tomcat-users.xml file:
>>
>> <tomcat-users>
>> <role rolename="role1"/>
>> <role rolename="role2"/>
>> <user username="user1" password="pass1" roles="role1"/>
>> <user username="user2" password="pass2" roles="role2"/>
>> </tomcat-users>
>>
>> So I am deploying to Tomcat using the MemoryRealm as I defined in the
>> META-INF/context.xml:
>>
>> <Realm className="org.apache.catalina.realm.MemoryRealm" debug="99"
>> pathname="<<<Full Path To tomcat-users.xml>>>"/>
>>
>> web.xml:
>>
>> <security-constraint>
>> <web-resource-collection>
>> <url-pattern>/resources/*</url-pattern>
>> </web-resource-collection>
>> <auth-constraint>
>> <role-name>*</role-name>
>> </auth-constraint>
>> </security-constraint>
>>
>> <login-config>
>> <auth-method>BASIC</auth-method>
>> </login-config>
>>
>> <security-role>
>> <role-name>role1</role-name>
>> </security-role>
>> <security-role>
>> <role-name>role2</role-name>
>> </security-role>
>>
>> So I assume by this configuration that both role1 and role2 are allowed
>> to access /resources/* and further authorization will be done via the
>> Annotations Handling. (?)
>>
>> And finally in one of my resources I have @RolesAllowed("role1").
>>
>> The problem is that both users (so both roles) are able to access the
>> resource after authentication. However I only expect user1 to access to
>> resource.
>>
>> Do I need any further configuration to make this work?
>>
>> Thanks.
>>
>> --
>> Ersin
>>
>


-- 
Ersin ER
http://www.ersiner.net