In Jersey 2 need the security annotation on the very last resource method that is called.
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/cdf7c293
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/cdf7c293
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/cdf7c293
Branch: refs/heads/two-dot-o-dev
Commit: cdf7c293f5127d21b6726f8ba0b7c121722e1f36
Parents: c8b8430
Author: Dave Johnson <[email protected]>
Authored: Tue Sep 8 13:26:29 2015 -0400
Committer: Dave Johnson <[email protected]>
Committed: Tue Sep 8 13:26:29 2015 -0400
----------------------------------------------------------------------
.../organizations/OrganizationResource.java | 1 +
.../organizations/OrganizationsResource.java | 21 ++------------------
2 files changed, 3 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/cdf7c293/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationResource.java
index 287b5a7..c43b463 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationResource.java
@@ -107,6 +107,7 @@ public class OrganizationResource extends AbstractContextResource { @GET @JSONP + @RequireOrganizationAccess @Produces({"application/json", "application/javascript"}) public ApiResponse getOrganizationDetails( @Context UriInfo ui, @QueryParam("callback") @DefaultValue("callback") String callback ) http://git-wip-us.apache.org/repos/asf/usergrid/blob/cdf7c293/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java index 26f6b5c..660e93d 100644 --- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java +++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java @@ -66,13 +66,6 @@ public class OrganizationsResource extends AbstractContextResource { public OrganizationsResource() { } - // TODO: better solution to this Jersey 2 introduced problem: - // Problem is that when Jersey scans the resources classes and methods to add our - // secured resource filter, it only recognizes methods with an HTTP method annotation - // but when I add the @GET annotation to the methods below, Jersey fails to resolve - // the resource methods when they are called. - - //@GET @Path(RootResource.ORGANIZATION_ID_PATH) @RequireOrganizationAccess public OrganizationResource getOrganizationById( @Context UriInfo ui, 
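Review bot: Only `getOrganizationDetails` gains `@RequireOrganizationAccess` in this hunk, yet by the commit's own reasoning (the check has to sit on the last resource method called) every other HTTP-method handler in `OrganizationResource`, and in any sub-resource it hands off to, needs the same annotation. Any handler without it may be served through the locators with no organization check. The rest of the class lies outside this hunk, so this needs confirming against the full file. A class-level comment such as `// Jersey 2: the access filter binds only to methods carrying an HTTP-method annotation; annotate every endpoint here, not just the locator` would keep the next added endpoint from being missed. A REST test asserting that a request without organization access is rejected on each endpoint would pin the behaviour.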
@@ -83,17 +76,11 @@ public class OrganizationsResource extends AbstractContextResource { throw new ManagementException( "Could not find organization for ID: " + organizationIdStr ); } -// // TODO: get rid of this and make annotations work (see above) -// if ( !isPermittedAccessToOrganization( Identifier.from(organization) ) ) { -// logger.debug("No organization access authorized"); -// throw mappableSecurityException( "unauthorized", "No organization access authorized" ); -// } + return getSubResource( OrganizationResource.class ).init( organization ); } - - //@GET @Path( "{organizationName}" ) @RequireOrganizationAccess public OrganizationResource getOrganizationByName( @Context UriInfo ui, @@ -104,11 +91,7 @@ public class OrganizationsResource extends AbstractContextResource { throw new ManagementException( "Could not find organization for name: " + organizationName ); } -// // TODO: get rid of this and make annotations work (see above) -// if ( !isPermittedAccessToOrganization( Identifier.from(organization) ) ) { -// logger.debug("No organization access authorized"); -// throw mappableSecurityException( "unauthorized", "No organization access authorized" ); -// } + return getSubResource( OrganizationResource.class ).init(organization); }
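Review bot: `@RequireOrganizationAccess` stays on the locators `getOrganizationById` and `getOrganizationByName`, which makes them look protected when they are probably not. The comment deleted in the `@@ -66,13 +66,6 @@` hunk said the secured-resource filter only recognises methods with an HTTP-method annotation, so the annotation appears to be unenforced on these two methods. With the commented-out `isPermittedAccessToOrganization` fallback also removed here and in the `@@ -104,11 +91,7 @@` hunk, nothing at the locator records that enforcement now lives on the `OrganizationResource` methods. Either drop the annotation from the locators or keep a one-line comment above each, e.g. `// not enforced on sub-resource locators under Jersey 2; access is checked on the OrganizationResource endpoint methods`. The locator signatures begin outside these hunks.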
