Hi Jonas,

the SecurityContext is easy to use. It's a long time ago, but I think 
you use it like this:

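import java.security.Principal;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

@Path("abc")
public class MyResource
{
    // Injected by the JAX-RS runtime for each request
    @Context
    private SecurityContext securityContext;

    // Whatever is a placeholder for the real return type
    @GET
    public Whatever getSomething()
    {
        // Reject callers that do not hold the required role
        if (!securityContext.isUserInRole("rolename"))
            throw new WebApplicationException(Response.Status.FORBIDDEN);

        // do secured work

        Principal principal = securityContext.getUserPrincipal();
        String username = principal.getName();

        return new Whatever();
    }
}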

You don't need to implement it.
The SecurityContext is backed by the Restlet security API, see 
package org.restlet.security.

Does this answer your question?

best regards
   Stephan

Jonas Huckestein wrote:
> Hello,
>
> first of all, thanks for the amazing restlet framework and the awesome  
> Jax-RS extension.
>
> I am currently trying to understand how to use "@Context  
> SecurityContext". I do not know how I can make the injected  
> SecurityContext "do" anything.
>
>
> This is what I have:
>       - A function which takes an Authorization header and returns the  
> username and a list of roles (as strings) or throws an exception
> This is what I want to do:
>       - Have access to a SecurityContext in all my resources, which returns  
> the username and can check whether or not he is in a specific role
>
> How can I achieve this?
>
> - Do I have to implement SecurityContext?
> - Is SecurityContext automatically (due to the Jax-RS runtime) aware  
> of Restlet guards?
>
> When I try implementing SecurityContext (as per the JSR 311 Specs)
>
> public class StockWatchSecurity implements  
> ContextResolver<SecurityContext>, SecurityContext { ... }
>
> my resource is not even loaded (an error 404 is returned on its path).
>
> I have also implemented a Guard, but since I am using the 2.0 M3  
> release and there is not much documentation, I am confused which  
> classes I need to use how. For a start, I did this:
>
> public class MyJaxRSApp extends JaxRsApplication {
>      public MyJaxRSApp() {
>          super(Context.getCurrent());
>          getContext().getLogger().setLevel(Level.FINE);
>          getContext().setVerifier(new MyVerifier());
>          this.add(new MyJaxRSAppConfig());
>          this.setGuard(new ChallengeGuard(getContext(),
>                  ChallengeScheme.CUSTOM, "realm"));
>      }
> }
>
> Thanks in advance and kind regards, Jonas
>

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2380987
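
An added example, not part of the original thread or of the Restlet project's code: a stub SecurityContext for exercising the role check from the reply outside the Restlet runtime, with a deny-by-default helper that separates an unauthenticated caller (401) from an authenticated one lacking the role (403). StubContext, authorize and the sample users are hypothetical names; it assumes the JSR 311 API jar on the classpath.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

public class SecurityContextCheck {

    /** Hypothetical test stub: a fixed user (null = anonymous) with fixed roles. */
    static final class StubContext implements SecurityContext {
        private final String user;
        private final Set<String> roles;

        StubContext(String user, String... roles) {
            this.user = user;
            this.roles = new HashSet<String>(Arrays.asList(roles));
        }
        public Principal getUserPrincipal() {
            if (user == null) return null;          // unauthenticated request
            return new Principal() {
                public String getName() { return user; }
            };
        }
        public boolean isUserInRole(String role) {
            return user != null && roles.contains(role);
        }
        public boolean isSecure() { return false; }
        public String getAuthenticationScheme() { return user == null ? null : BASIC_AUTH; }
    }

    /** Deny by default: OK only for an authenticated caller holding the role. */
    static Response.Status authorize(SecurityContext sc, String role) {
        if (sc == null || sc.getUserPrincipal() == null)
            return Response.Status.UNAUTHORIZED;    // 401: no identity at all
        if (!sc.isUserInRole(role))
            return Response.Status.FORBIDDEN;       // 403: known user, missing role
        return Response.Status.OK;
    }

    public static void main(String[] args) {
        // Constructed sample callers, not taken from the thread.
        System.out.println(authorize(new StubContext(null), "rolename"));
        System.out.println(authorize(new StubContext("jonas", "other"), "rolename"));
        System.out.println(authorize(new StubContext("jonas", "rolename"), "rolename"));
    }
}
```

In a resource method, anything other than Response.Status.OK from authorize would be turned into a WebApplicationException before the secured work and before getUserPrincipal().getName() is called.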