Authorized (Helidon Security Integration Annotations 0.9.1 API)

@Retention(RUNTIME)
@Target({METHOD,TYPE,FIELD})
@Documented
@Inherited
public @interface Authorized

An annotation used to specify server resources with enforced authorization.

The following sample shows examples of use of @Authorized annotation in a JAX-RS/Jersey application:

  @Authorized
  @Authenticated
  @ApplicationPath("myApp")
  public class SecuredApplication extends javax.ws.rs.core.Application { ... }

  @Authorized(false)
  @Path("/")
  public class PublicResource {
    @GET
    public String getResourceContent() { ... }

    // Only authenticated users can update the content of the public resource
    @Authorized
    @PUT
    public Response setNewResourceContent(String content) { ... }
  }

Authorized annotation is not cumulative - e.g. if you define this annotation on a resource method, it will take ALL values from this instance of Authorized (so if you want to use a custom authorization provider, you must define it again in each Authorized instance).

Optional Element Summary

Optional Elements
Modifier and Type	Optional Element	Description
`boolean`	`explicit`	By default, authorization is implicit and all annotations are processed before method invocation to authorize access.
`java.lang.String`	`provider`	Explicit authorization provider to use when processing this Authorized.
`boolean`	`value`	Determine whether authorization should be enabled.

- Element Detail
  - value
```
boolean value
```
    Determine whether authorization should be enabled. Defaults to true
    
    Returns:
    
    true if authorization should be enabled.
    
    Default:
    
    true
- - provider
```
java.lang.String provider
```
    Explicit authorization provider to use when processing this Authorized. Setting this value will ignore security provider configured globally. Value is the name of a configured AuthenticationProvider.
    
    Returns:
    
    name of a configured provider
    
    Default:
    
    ""
- - explicit
```
boolean explicit
```
    By default, authorization is implicit and all annotations are processed before method invocation to authorize access. In case this is set to true, authorization MUST be invoked manually, calling SecurityContext.authorize(Object...). If set to true the security module will not check authorization; security module still checks that authorization was called. If not, an exception is generated post-processing. For example the Jersey integration will return an internal server error in such a case.
    
    Returns:
    
    true if explicit authorization will be invoked in the code, false for implicit (handled by security module)
    
    Default:
    
    false

Annotation Type Authorized

Optional Element Summary

Element Detail

value

provider

explicit