@Path("/authenticate")@RolesAllowed({"Admin","Guest"})public class BasicAuthen

1. @Path("/authenticate")
2. @RolesAllowed({"Admin","Guest"})
3. public class BasicAuthenticationSecurity {
4.  
5. @GET
6. @Path("/wbiPing")
7. @Produces(MediaType.TEXT_PLAIN)
8. @RolesAllowed("Admin")
9. public Response wbiPing(){
10.  
11. System.out.println("Pinged!!!");
12. return Response.ok("Pinged!!!").build();
13. }
14.  
15. }
16.  
17. <servlet>
18. <servlet-name>jersey-serlvet</servlet-name>
19. <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
20. <init-param>
21. <param-name>com.sun.jersey.config.property.packages</param-name>
22. <param-value>
23. com.security;
24. com.exception
25. </param-value>
26. </init-param>
27. <init-param>
28. <param-name>com.sun.jersey.spi.container.ResourceFilters</param-name>
29. <param-value>com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory</param-value>
30. </init-param>
31. <load-on-startup>1</load-on-startup>
32. </servlet>
33.  
34. <servlet-mapping>
35. <servlet-name>jersey-serlvet</servlet-name>
36. <url-pattern>/*</url-pattern>
37. </servlet-mapping>
38.  
39. <security-constraint>
40. <web-resource-collection>
41. <web-resource-name>BasicDemo</web-resource-name>
42. <url-pattern>/*</url-pattern>
43. <http-method>GET</http-method>
44. </web-resource-collection>
45. <auth-constraint>
46. <role-name>Admin</role-name>
47. </auth-constraint>
48. </security-constraint>
49. <login-config>
50. <auth-method>BASIC</auth-method>
51. <!-- The realm name is typically displayed by the browser in the login dialog box. -->
52. <realm-name>Login</realm-name>
53. </login-config>
54.  
55. import javax.annotation.security.RolesAllowed;
56.  
57. @DeclareRoles
58. @DenyAll
59. @PermitAll
60. @RolesAllowed
61. @RunAs
62.  
63. <dependency>
64. <!-- Annotations for role management -->
65. <groupId>javax.annotation</groupId>
66. <artifactId>jsr250-api</artifactId>
67. <version>1.0</version>
68. </dependency>
69.  
70. <?xml version="1.0" encoding="UTF-8"?>
71. <role rolename="editor"/>
72. <role rolename="member"/>
73.  
74. <user username="admin" password="qwerty" roles="editor,member"/>
75. <user username="gavin" password="qwerty" roles="editor"/>
76. <user username="julie" password="qwerty" roles="member"/>
77. </tomcat-users>
78.  
79. <?xml version="1.0" encoding="UTF-8"?>
80. <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
81. xmlns="http://java.sun.com/xml/ns/javaee"
82. xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
83. http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
84. version="3.0">
85.  
86. </web-app>
87.  
88. package ph.activelearning.rest.security;
89.  
90. import org.glassfish.jersey.server.ResourceConfig;
91. import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature;
92.  
93. public class MyApplication extends ResourceConfig {
94. public MyApplication() {
95. super(TestResource.class);
96. register(RolesAllowedDynamicFeature.class);
97. }
98. }
99.  
100. <servlet>
101. <servlet-name>Jersey Web Application</servlet-name>
102. <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
103. <init-param>
104. <param-name>jersey.config.server.provider.packages</param-name>
105. <param-value>ph.activelearning.rest.security</param-value>
106. </init-param>
107.  
108. <init-param>
109. <param-name>javax.ws.rs.Application</param-name>
110. <param-value>ph.activelearning.rest.security.MyApplication</param-value>
111. </init-param>
112. <load-on-startup>1</load-on-startup>
113. </servlet>
114.  
115. <web-app …>
116. <security-constraint>
117. <web-resource-collection>
118. <web-resource-name>test</web-resource-name>
119. <url-pattern>/test/*</url-pattern>
120. </web-resource-collection>
121. <auth-constraint>
122. <role-name>editor</role-name>
123. <role-name>member</role-name>
124. </auth-constraint>
125. </security-constraint>
126. </web-app>
127.  
128. <web-app …>
129. <login-config>
130. <auth-method>BASIC</auth-method>
131. <realm-name>test</realm-name>
132. </login-config>
133. </web-app>
134.  
135. <web-app ...>
136. <security-role>
137. <description>This is editor</description>
138. <role-name>editor</role-name>
139. </security-role>
140.  
141. <security-role>
142. <description>This is member</description>
143. <role-name>member</role-name>
144. </security-role>
145. </web-app>
146.  
147. package ph.activelearning.rest.security;
148.  
149. import javax.annotation.security.PermitAll;
150. import javax.annotation.security.RolesAllowed;
151. import javax.ws.rs.GET;
152. import javax.ws.rs.Path;
153. import javax.ws.rs.Produces;
154. import javax.ws.rs.core.Context;
155. import javax.ws.rs.core.MediaType;
156. import javax.ws.rs.core.SecurityContext;
157.  
158. @Path("test")
159. @PermitAll
160. public class TestResource {
161.  
162. @GET
163. @Path("editor")
164. @Produces(MediaType.TEXT_PLAIN)
165. @RolesAllowed("editor")
166. public String editorOnly() {
167. return "Got to editor path!";
168. }
169.  
170. @GET
171. @Path("member")
172. @Produces(MediaType.TEXT_PLAIN)
173. @RolesAllowed("member")
174. public String memberOnly() {
175. return "Got to member path!";
176. }
177.  
178. @GET
179. @Path("open")
180. @Produces(MediaType.TEXT_PLAIN)
181. public String open(@Context SecurityContext context) {
182. return "Open to all! - " + context.getUserPrincipal().getName();
183. }
184. }
185.  
186. <?xml version="1.0" encoding="UTF-8"?>
187. <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
188. xmlns="http://java.sun.com/xml/ns/javaee"
189. xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
190. http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
191. version="3.0">
192. <servlet>
193. <servlet-name>Jersey Web Application</servlet-name>
194. <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
195. <init-param>
196. <param-name>jersey.config.server.provider.packages</param-name>
197. <param-value>ph.activelearning.rest.security</param-value>
198. </init-param>
199.  
200. <!-- Define the Application class where we enable security annotations -->
201. <init-param>
202. <param-name>javax.ws.rs.Application</param-name>
203. <param-value>ph.activelearning.rest.security.MyApplication</param-value>
204. </init-param>
205.  
206. <load-on-startup>1</load-on-startup>
207. </servlet>
208. <servlet-mapping>
209. <servlet-name>Jersey Web Application</servlet-name>
210. <url-pattern>/*</url-pattern>
211. </servlet-mapping>
212.  
213. <!-- Required even though we use annotations -->
214. <security-constraint>
215. <web-resource-collection>
216. <web-resource-name>test</web-resource-name>
217. <url-pattern>/test/*</url-pattern>
218. </web-resource-collection>
219. <auth-constraint>
220. <role-name>editor</role-name>
221. <role-name>member</role-name>
222. </auth-constraint>
223. </security-constraint>
224.  
225. <login-config>
226. <auth-method>BASIC</auth-method>
227. <realm-name>test</realm-name>
228. </login-config>
229.  
230. <!-- Optional: Define security roles that are defined in your app server -->
231. <!--
232. <security-role>
233. <description>This is editor</description>
234. <role-name>editor</role-name>
235. </security-role>
236.  
237. <security-role>
238. <description>This is member</description>
239. <role-name>member</role-name>
240. </security-role>
241. -->
242.  
243. </web-app>