Yes, I did.
But I still do not understand what the proper way to use it is.
Here is what I have now:
1. The main:
    public static void main(String[] args) throws IOException {
        ...
        final JaxRsApplication application =
            new JaxRsApplication(component.getContext().createChildContext());
        application.getRoles().addAll(Enroler.getAllRoles());
        ChallengeAuthenticator authenticator =
            new ChallengeAuthenticator(component.getContext().createChildContext(),
                ChallengeScheme.HTTP_BASIC, "POC realm");
        authenticator.setVerifier(new Verifier());
        authenticator.setEnroler(new Enroler());
        application.setGuard(authenticator);
        ...
    }
2. A typical HTTP request handler:
    @DELETE
    @Path("{id}")
    public void deleteUser(@PathParam("id") int id) {
        if (!securityContext.isUserInRole(Enroler.ADMINISTRATOR.getName())) {
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
        m_userService.delete(id);
    }
But I think it is wrong, because it seems to be against the spirit of JAX-RS -
removing the boilerplate code into the framework.
I was hoping to be able to associate either individual request handling methods
(the ones annotated with @GET, @PUT, etc...) or the whole handler class with
the respective allowed roles, so that the framework could authorize the user
automatically. Is it supported?
Thanks.
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2890720
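
The declarative model asked about above, as an added example that is not part of the original post and is not Restlet or JAX-RS code: the `AllowedRoles` annotation, `UserResource` and `dispatch` are hypothetical names defined only for this demo. Roles are attached to the class or method, a single dispatcher enforces them before the handler runs, and a method with no rule at all is denied.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.Set;

public class DeclarativeRolesDemo {
    // Hypothetical annotation defined for this demo (not a Restlet or JAX-RS type).
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.METHOD, ElementType.TYPE})
    @interface AllowedRoles { String[] value(); }

    // Hypothetical resource: class-level default plus a stricter method-level rule.
    @AllowedRoles({"user", "administrator"})
    static class UserResource {
        public String getUser(int id) { return "user " + id; }
        @AllowedRoles("administrator")
        public String deleteUser(int id) { return "deleted " + id; }
    }

    // Method annotation overrides the class annotation; no annotation means deny.
    static boolean isAuthorized(Method m, Set<String> callerRoles) {
        AllowedRoles rule = m.getAnnotation(AllowedRoles.class);
        if (rule == null) rule = m.getDeclaringClass().getAnnotation(AllowedRoles.class);
        if (rule == null) return false;
        for (String role : rule.value()) {
            if (callerRoles.contains(role)) return true;
        }
        return false;
    }

    // Single choke point: the role check runs before any handler is invoked.
    static Object dispatch(Object resource, String name, int id, Set<String> callerRoles)
            throws Exception {
        Method m = resource.getClass().getMethod(name, int.class);
        if (!isAuthorized(m, callerRoles)) {
            throw new SecurityException("role check failed for " + name);
        }
        return m.invoke(resource, id);
    }

    public static void main(String[] args) throws Exception {
        UserResource r = new UserResource();
        Set<String> admin = Set.of("administrator"), user = Set.of("user");
        System.out.println(dispatch(r, "deleteUser", 7, admin)); // allowed
        System.out.println(dispatch(r, "getUser", 7, user));     // allowed by class rule
        try {
            dispatch(r, "deleteUser", 7, user);                  // method rule denies
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```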