Jersey, Apache HTTPD, and javax.annotation.security usage
Posted
by Nick Klauer
on Stack Overflow
See other posts from Stack Overflow
or by Nick Klauer
Published on 2010-05-25T22:58:19Z
Indexed on
2010/05/25
23:01 UTC
Read the original article
Hit count: 448
So I'm having a heck of a time trying to piece together what I think is a pretty simple implementation. This is very similar to another StackOverflow question only I can't leverage Tomcat to handle role based authentication.
I have an Apache httpd server in front of my app that handles authentication and then passes LDAP roles to a Jersey service through Headers. I've created a servlet filter to parse the header and tease out the roles the request came from, which works fine globally to the app, but isn't fine-grained enough to dictate what an Admin
could do that a User
could not.
I'm thinking I could use the javax.annotation.security annotations that JAX-RS supports, but I don't know how to take what I've parsed out using a servlet filter to set or instantiate the SecurityContext necessary for the roles @RolesAllowed
.
© Stack Overflow or respective owner