Hello,
first of all, thanks for the amazing restlet framework and the awesome
Jax-RS extension.
I am currently trying to understand how to use "@Context
SecurityContext". I do not know how I can make the injected
SecurityContext "do" anything.
This is what I have:
- A function which takes an Authorization header and returns the
username and a list of roles (as strings) or throws an exception
This is what I want to do:
- Have access to a SecurityContext in all my resources, which returns
the username and can check whether or not he is in a specific role
How can I achieve this?
- Do I have to implement SecurityContext?
- Is security Context automatically (due to the Jax-RS runtime) aware
of Restlet guards?
When I try implementing SecurityContext (as per the JSR 311 Specs)
public class StockWatchSecurity implements
ContextResolver<SecurityContext>, SecurityContext { ... }
my resource is not even loaded (an error 404 is returned on its path).
I have also implemented a Guard, but since I am using the 2.0 M3
release and there is not much documentation, I am confused which
classes I need to use how. For a start, I did this:
public class MyJaxRSApp extends JaxRsApplication {
public MyJaxRSApp() {
super(Context.getCurrent());
getContext().getLogger().setLevel(Level.FINE);
getContext().setVerifier(new MyVerifier());
this.add(new MyJaxRSAppConfig());
this.setGuard(new
ChallengeGuard(getContext(),ChallengeScheme.CUSTOM, "realm"));
}
}
Thanks in advance and kind regards, Jonas
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2380612
