Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mvc-dev] mvc interaction with SecurityContext

Hey Steaven,

Ivar is right - this is not supported by the standard.
Depending on your JAX-RS implementation, there might be hacks. Here is the RestEasy version: https://docs.jboss.org/resteasy/docs/4.5.8.Final/userguide/html/Securing_JAX-RS_and_RESTeasy.html

Gregor

On 7 Oct 2020, at 10:28, Ivar Grimstad wrote:

Hi Steaven,

The implementation of Jakarta Security does not support @RolesAllowed for non-servlet environments.
So, until this is fixed (most likely in Jakarta Security 2.x or 3) in Jakarta EE 10) you will have to use web.xml to configure these constrants. Here is an example:

<security-constraint>
<display-name>A Foo</display-name>
<web-resource-collection>
<web-resource-name>Demo</web-resource-name>
<description/>
<url-pattern>/ui/hello</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>Constraints for a FOO</description>
<role-name>foo</role-name>
</auth-constraint>
</security-constraint>
Ivar


On Wed, Oct 7, 2020 at 12:59 AM Steaven Woyan <swoyan@xxxxxxxxx> wrote:
Hello,
Apologies ahead of time if this is the wrong place to ask questions.

I am in the process of trying out jakarta mvc.
I have the @Controller working just fine.
I have implemented a @CustomFormAuthenticationMechanismDefinition and that is working just fine.

The issue I am having is in trying to marry the two.

I cannot figure out how to get a @Controller to work with something @RolesAllowed from a servlet.

That is, I am trying to figure out how to get a @Controller to only be invoked if a user is in a certain role(s).

Is there a set of examples or an article anyone can point me to? I am not finding anything when I search.

Thanks for your time.

_______________________________________________
mvc-dev mailing list
mvc-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mvc-dev


--

Ivar Grimstad

Jakarta EE Developer Advocate | Eclipse Foundation, Inc.

Community. Code. Collaboration. 

Join us at our virtual event:
EclipseCon 2020 - October 20-22

_______________________________________________
mvc-dev mailing list
mvc-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mvc-dev


Back to the top