[Jersey] Re: user/roles provider for AAA?

From: ljnelson <>
Date: Thu, 28 Apr 2011 06:29:06 -0700 (PDT)

On Thu, Apr 28, 2011 at 9:10 AM, Kristian Rink [via Jersey] <> wrote:

> However, the only documentation I so far found is
> about either defining roles and users in web.xml or setting up a
> container-sided JAAS (Jdbc, ...) realm for fetching user information.
> Both, however, is not what I want / need / can make use of as, in our
> environment, user/role information are to be provided by a legacy
> backend which just can be reached through a bunch of obscure glue code.

The "proper" way to do it is to set up a JACC provider. It is a woefully
underdocumented pain in the neck, but that's the facility that the Java EE
stack provides to bind a @RolesAllowed check to a,
which can serve as the front end to your obscure glue code.

A ServletFilter will not work in this case, if I understand your
requirements correctly, because a ServletFilter of any kind cannot
programmatically assign roles to a user, which is what you need.

Start the whole JACC mess with implementing a You'll
want to override the implies() method. Once you've got that, then start
reading about JACC.


View this message in context:
Sent from the Jersey mailing list archive at