JSR250

Using JSR-250 security annotation to restrict access to resources

Using of JSR-250 security annotations

EverRest supports following security annotations @RolesAllowed, @PermitAll, @DenyAll. This feature is turned on by default. You can disable it by setting org.everrest.security context parameter to false in web.xml file.

<context-param>
   <param-name>org.everrest.security</param-name>
   <param-value>false</param-value>
</context-param>

Usage:

@Path("a")
public class MyResource
{
   @DenyAll
   @GET
   @Path("b")
   public void denyAll()
   {
   ...
   }

   @RolesAllowed({"admins"})
   @GET
   @Path("c")
   public void adminsOnly()
   {
   ...
   }
}

Method denyAll in MyResource not allowed to call for anybody, method adminsOnly allowed to call only for users in admins role.

User's guide
- Overview
- Resources
- Message body readers and writers
- Exception Handling
- Dependency resolving
- Security
  - JSR-250
- Testing
Extensions
Integration
- Servlets
- Guice

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

JSR250

Using of JSR-250 security annotations

Clone this wiki locally