tree: 968c4bd845710764fb915130b47721ae0cd097fc [path history] [tgz]
  1. src/
  2. pom.xml
  3. README.MD
examples/entity-filtering-security/README.MD

Entity Data Filtering

Role-based Entity Filtering using security annotations

This example demonstrates how to use entity filtering feature together with security annotations (from javax.annotation.security package) and how to apply them on domain classes as well as on JAX-RS resource classes or JAX-RS resource methods.

In addition to domain classes and JAX-RS resources (with security annotations applied) there is also one (pre-matching) container request filter, SecurityRequestFilter. The filter sets security context for each incoming request as if the request was invoked by a user in role “manager”.

The full description how Entity Data Filtering can be found in Jersey User Guide, chapter Entity Data Filtering. Sections relevant to this example (describing this exact example) are:

Contents

The mapping of the URI path space is presented in the following table:

URI pathResource classHTTP methodsNotes
/restricted-resource/denyAllRestrictedResourceGET@DenyAll - returns HTTP 403, Forbidden response
/restricted-resource/permitAllRestrictedResourceGET@PermitAll - Role-based view on RestrictedEntity class - permitAll, simpleField
/restricted-resource/rolesAllowedRestrictedResourceGET@RolesAllowed({"manager"}) - Role-based view on RestrictedEntity class - permitAll, simpleField, mixedField.managerField
/unrestricted-resourceUnrestrictedResourceGETNo security annotation used, user in role “manager” - Role-based view on RestrictedEntity class - permitAll, simpleField, mixedField.managerField

Application is based on Grizzly container (see App). Everything needed (resources/providers) is registered in SecurityEntityFilteringApplication.

Running the Example

Run the example as follows:

mvn clean package exec:java

This deploys current example using Grizzly. You can access the application at:

Using Jackson instead of MOXy

This examples uses by default Entity Data Filtering feature together with MOXy. To switch MOXy JSON provider to Jackson (2.x) JSON provider simply

  • comment registration of MOXy ContextResolver, and
    register(new MoxyJsonConfig().setFormattedOutput(true).resolver())
  • uncomment registration of JacksonFeature
    register(JacksonFeature.class)

in SecurityEntityFilteringApplication class.