This repository has been archived by the owner. It is now read-only.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
src license header update. Jul 26, 2017
README.MD copyright fixes. Oct 16, 2017
pom.xml [maven-release-plugin] prepare for next development iteration Apr 10, 2018

README.MD

Entity Data Filtering

Role-based Entity Filtering using security annotations

This example demonstrates how to use entity filtering feature together with security annotations (from javax.annotation.security package) and how to apply them on domain classes as well as on JAX-RS resource classes or JAX-RS resource methods.

In addition to domain classes and JAX-RS resources (with security annotations applied) there is also one (pre-matching) container request filter, SecurityRequestFilter. The filter sets security context for each incoming request as if the request was invoked by a user in role "manager".

The full description how Entity Data Filtering can be found in Jersey User Guide, chapter Entity Data Filtering. Sections relevant to this example (describing this exact example) are:

Contents

The mapping of the URI path space is presented in the following table:

URI path Resource class HTTP methods Notes
/restricted-resource/denyAll RestrictedResource GET @DenyAll - returns HTTP 403, Forbidden response
/restricted-resource/permitAll RestrictedResource GET @PermitAll - Role-based view on RestrictedEntity class - permitAll, simpleField
/restricted-resource/rolesAllowed RestrictedResource GET @RolesAllowed({"manager"}) - Role-based view on RestrictedEntity class - permitAll, simpleField, mixedField.managerField
/unrestricted-resource UnrestrictedResource GET No security annotation used, user in role "manager" - Role-based view on RestrictedEntity class - permitAll, simpleField, mixedField.managerField

Application is based on Grizzly container (see App). Everything needed (resources/providers) is registered in SecurityEntityFilteringApplication.

Running the Example

Run the example as follows:

mvn clean package exec:java

This deploys current example using Grizzly. You can access the application at:

Using Jackson instead of MOXy

This examples uses by default Entity Data Filtering feature together with MOXy. To switch MOXy JSON provider to Jackson (2.x) JSON provider simply

  • comment registration of MOXy ContextResolver, and
    register(new MoxyJsonConfig().setFormattedOutput(true).resolver())
  • uncomment registration of JacksonFeature
    register(JacksonFeature.class)

in SecurityEntityFilteringApplication class.