users@jersey.java.net

[Jersey] Re: user/roles provider for AAA?

From: Kristian Rink <kawazu428_at_googlemail.com>
Date: Thu, 28 Apr 2011 15:33:00 +0200

Moises;

First off, thanks a bunch for your comment on that, much appreciated!

On Thu, 28 Apr 2011 08:14:53 -0500,
Moises Lejter <moilejter_at_gmail.com> wrote:

> A simple answer I think might involve a Jersey (or servlet) filter
> that calls out to your back end authentication service, then uses the
> programmatic login features of servlet 3.0. Once your call has
> logged in, the @RolesAllowed machinery in Jersey should work ...

Well yes, I was thinking about servlet filters here and login() as
well. However, so far either I completely got something wrong or I
haven't yet figured out how to correctly put things together. Isn't
login() just making use of the preconfigured security mechanisms in
order to do what needs to be done? If so, how can I "override" this
kind of behaviour in a filter? Loading some kind of (custom) principal
and assigning this to the security context? Aside from this, would this
also work with (programmatic) clients that make use of HTTP basic
authentication headers?

Oh well, guess I got some more reading to do...
Thank you very much nevertheless... :)
Kristian
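
An added example, not part of the original message or of Jersey's own code: one way a servlet filter can take HTTP Basic credentials, ask an external service for the user's roles, and hand a custom principal to the rest of the chain by wrapping the request. `BackendAuthFilter`, the `Backend` interface and the realm name are hypothetical; it assumes the JAX-RS runtime answers `SecurityContext.isUserInRole()` from the servlet request it receives, and that Java 8 or later is available for `java.util.Base64`.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Base64;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

public class BackendAuthFilter implements Filter {
    /** Hypothetical client for the external user/roles service; null means rejected. */
    public interface Backend { Set<String> rolesFor(String user, char[] password); }

    private final Backend backend;
    public BackendAuthFilter(Backend backend) { this.backend = backend; }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String header = req.getHeader("Authorization");
        String user = null;
        Set<String> roles = null;
        if (header != null && header.regionMatches(true, 0, "Basic ", 0, 6)) {
            try {
                byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
                // Split on the first ':' only, so passwords may contain colons.
                String[] p = new String(raw, StandardCharsets.UTF_8).split(":", 2);
                if (p.length == 2) { user = p[0]; roles = backend.rolesFor(user, p[1].toCharArray()); }
            } catch (IllegalArgumentException malformed) { /* bad Base64: stay unauthenticated */ }
        }
        if (roles == null) {   // fail closed: missing, malformed or rejected credentials
            res.setHeader("WWW-Authenticate", "Basic realm=\"api\"");
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        final String name = user;
        final Set<String> granted = roles;
        final Principal who = () -> name;   // custom principal backed by the external service
        chain.doFilter(new HttpServletRequestWrapper(req) {
            @Override public Principal getUserPrincipal() { return who; }
            @Override public boolean isUserInRole(String role) { return granted.contains(role); }
            @Override public String getRemoteUser() { return name; }
            @Override public String getAuthType() { return BASIC_AUTH; }
        }, res);
    }
}
```

Because the filter takes a constructor argument, it would be registered as an instance through Servlet 3.0's `ServletContext.addFilter(String, Filter)` rather than declared by class name in web.xml. Basic credentials travel in a reversible encoding on every request, so the mapping should only be reachable over TLS.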