Jersey, Apache HTTPD, and javax.annotation.security usage

Posted by Nick Klauer on Stack Overflow See other posts from Stack Overflow or by Nick Klauer
Published on 2010-05-25T22:58:19Z Indexed on 2010/05/25 23:01 UTC
Read the original article Hit count: 448

So I'm having a heck of a time trying to piece together what I think is a pretty simple implementation. This is very similar to another StackOverflow question only I can't leverage Tomcat to handle role based authentication.

I have an Apache httpd server in front of my app that handles authentication and then passes LDAP roles to a Jersey service through Headers. I've created a servlet filter to parse the header and tease out the roles the request came from, which works fine globally to the app, but isn't fine-grained enough to dictate what an Admin could do that a User could not.

I'm thinking I could use the javax.annotation.security annotations that JAX-RS supports, but I don't know how to take what I've parsed out using a servlet filter to set or instantiate the SecurityContext necessary for the roles @RolesAllowed.

© Stack Overflow or respective owner

Related posts about security

Related posts about authentication