
Can I use JAX-RS @RolesAllowed in the REST API resource's method, if EJB is used?

According to the JBoss 7.1 Enterprise Edition, @RolesAllowed is not advised in the Resource's method, if RESTful services use EJB.

Do not activate role-based security if the application uses EJBs. The EJB container will provide the functionality, instead of RESTEasy.

Ref: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html/developing_web_services_applications/developing_jax_rs_web_services#Enable_Role-Based_Security_RESTEasy_JAX-RS_Web_Service

I am confused about the above statement. My application is built from a JAX-RS layer and an EJB layer. I am resolving the role in my implementation of the SecurityContext isUserInRole(String role) method. My web.xml is empty. Does it mean I am not allowed to use @RolesAllowed on my Resource's method because my REST services use EJB under the hood?

No, and @RolesAllowed does not invoke the SecurityContext isUserInRole(String role) method.

Therefore, creating a @NameBinding annotation-based filter to handle the permission via SecurityContext isUserInRole(String role) is the best way to go.
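
The kind of @NameBinding filter the answer describes, as an added example that is not part of the original post. It assumes the javax.ws.rs API shipped with JBoss EAP 7.1 and that an earlier AUTHENTICATION-priority filter has already installed the custom SecurityContext; the names RequiresRoleFilter and RequiresRole are hypothetical.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.Arrays;
import javax.annotation.Priority;
import javax.ws.rs.NameBinding;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;

@Provider
@RequiresRoleFilter.RequiresRole      // binds the filter to annotated resources only
@Priority(Priorities.AUTHORIZATION)   // runs after AUTHENTICATION-priority filters
public class RequiresRoleFilter implements ContainerRequestFilter {
    // Hypothetical name-binding annotation (the name is an assumption, not from the post).
    @NameBinding
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    public @interface RequiresRole {
        String[] value() default {};  // no roles listed means nobody is allowed
    }

    @Context
    private ResourceInfo resourceInfo;

    @Override
    public void filter(ContainerRequestContext ctx) {
        // A method-level annotation takes precedence over the class-level one.
        RequiresRole rule = resourceInfo.getResourceMethod().getAnnotation(RequiresRole.class);
        if (rule == null) {
            rule = resourceInfo.getResourceClass().getAnnotation(RequiresRole.class);
        }
        SecurityContext sc = ctx.getSecurityContext();
        if (sc == null || sc.getUserPrincipal() == null) {
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }
        // Fail closed: deny unless the custom isUserInRole() accepts a listed role.
        boolean allowed = rule != null && Arrays.stream(rule.value()).anyMatch(sc::isUserInRole);
        if (!allowed) {
            ctx.abortWith(Response.status(Response.Status.FORBIDDEN).build());
        }
    }
}
```

A resource method opts in with `@RequiresRoleFilter.RequiresRole({"admin"})`, where the role name is a constructed sample. Unannotated resources are not filtered, so the EJB layer should still enforce its own checks.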
