@Retention(value=RUNTIME)
@Target(value={METHOD,TYPE,FIELD})
@Documented
@Inherited
public @interface Authorized

The following sample shows how to use the @Authorized annotation in a JAX-RS/Jersey application:

@Authorized
@Authenticated
@ApplicationPath("myApp")
public class SecuredApplication extends javax.ws.rs.core.Application { ... }

@Authorized(false)
@Path("/")
public class PublicResource {
    @GET
    public String getResourceContent() { ... }

    // Only authenticated users can update the content of the public resource
    @Authorized
    @PUT
    public Response setNewResourceContent(String content) { ... }
}

The Authorized annotation is not cumulative: if you define this annotation on a resource method, it takes ALL values from that instance of Authorized (so if you want to use a custom authorization provider, you must define it again in each Authorized instance).
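
The non-cumulative rule in a resource class, as an added example that is not part of the original Javadoc or the project's own code. The provider name "abac", the Document type, the package names of the security imports, and AuthorizationResponse.isPermitted() are assumptions; explicit is the optional element documented for this annotation.

```java
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;

// Assumed package names; the page does not state them.
import io.helidon.security.AuthorizationResponse;
import io.helidon.security.SecurityContext;
import io.helidon.security.annotations.Authenticated;
import io.helidon.security.annotations.Authorized;

@Authenticated
@Authorized(provider = "abac")   // "abac" is a constructed provider name
@Path("/documents")
public class DocumentResource {

    // No method-level @Authorized here, so the class-level instance applies
    // and the "abac" provider authorizes the call before the method runs.
    @GET
    public String list() {
        return "[]";
    }

    // A method-level @Authorized supplies ALL values for this method.
    // @Authorized(explicit = true) alone would not carry over the
    // class-level provider, so provider is repeated here.
    @Authorized(provider = "abac", explicit = true)
    @GET
    @Path("/{id}")
    public Response get(@PathParam("id") String id, @Context SecurityContext context) {
        Document doc = new Document(id, "alice");   // constructed lookup result

        // explicit = true: the method must request authorization itself.
        AuthorizationResponse atz = context.authorize(doc);
        if (!atz.isPermitted()) {                   // assumed accessor
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        return Response.ok(doc.id).build();
    }

    // Hypothetical resource type handed to the authorization provider.
    static final class Document {
        final String id;
        final String owner;
        Document(String id, String owner) { this.id = id; this.owner = owner; }
    }
}
```
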
| Modifier and Type | Optional Element and Description |
|---|---|
| boolean | explicit: By default, authorization is implicit and all annotations are processed before method invocation to authorize access. |
| String | provider: Explicit authorization provider to use when processing this Authorized. |
| boolean | value: Determine whether authorization should be enabled. |

public abstract boolean value
true
true if authorization should be enabled.

public abstract String provider
AuthenticationProvider.

public abstract boolean explicit
SecurityContext.authorize(Object...).
If set to true the security module will not check authorization; the security module still
checks that authorization was called. If not, an exception is generated post-processing.
For example, the Jersey integration will return an internal server error in such a case.

Copyright © 2018, Oracle and/or its affiliates. All Rights Reserved. Use is subject to license terms.