users@jersey.java.net

[Jersey] Re: Using Security Constraints with Filters (tomcat)

From: Pavel Bucek <pavel.bucek_at_oracle.com>
Date: Wed, 09 Mar 2011 10:39:28 +0100

Hello Luke,

Which filter do you want to use: a Jersey-specific one or a container servlet
filter? Do you know about RolesAllowedResourceFilterFactory.Filter [1]
(it might be useful for you, at least as a starting point)?

You can also look at the atompub sample [2] (atompub-contact-server module),
which demonstrates this scenario. These filters are Jersey managed, so
they will work on any container.

Feel free to ask if you need additional info.

Regards,
Pavel

[1] http://jersey.java.net/nonav/apidocs/latest/jersey/com/sun/jersey/api/container/filter/RolesAllowedResourceFilterFactory.html
[2] http://download.java.net/maven/2/com/sun/jersey/samples/atompub-contacts/1.6-ea05/atompub-contacts-1.6-ea05-project.zip

On 03/08/2011 08:47 PM, luksurious wrote:
> Hey,
>
> I'm using Tomcat with Jersey and found that the only way to achieve our custom
> authentication scheme is by using a filter.
> In this filter I register a Principal like I would in a Tomcat Valve.
> Then, to use security annotations like @RolesAllowed, I specified a security
> constraint element in my web.xml file.
> It appears, however, that the web.xml filtering and checking if the current
> role is allowed happens before my filter is processed and the appropriate
> principal is registered.
> Omitting the auth-constraint leads to proper processing of the filter, but
> disables the security annotations.
>
> Is there a way to use the security annotations with a filter in Tomcat? Or
> do I have to check for the appropriate role at the beginning of each web
> method?
>
> Thanks,
> Luke
>
> --
> View this message in context: http://jersey.576304.n2.nabble.com/Using-Security-Constraints-with-Filters-tomcat-tp6138107p6138107.html
> Sent from the Jersey mailing list archive at Nabble.com.
>
>