Hi, I have several roles accessing my REST-services, lets say BASIC and MANAGER. MANAGER can see more attributes than BASIC.
If I had different resources for BASIC and MANAGER, I'd solve this by using the JsonView-annotation in jackson. But since it is the same resource, I would have to set the JsonView dynamically depending on the user-role. I would prefer to use the SecurityEntityFilteringFeature found in jersey, but due to the dropwizard "encapusaltion" of jersey, following jersey documentation doesn't work, the filtering is not applied. So far I found this sample https://gist.github.com/oillio/1c1845059caf47527f94202bf14b2dca , which is a little bit dated. It is concerned about EntityFiltering, but should provide a blueprint for SecurityEntityFiltering as well. Is it still the best option? Is there any other way that I'm currently missing? I suppose it can't be such a rare problem and I'm probably just missing the forest for the trees... Best regards Patrick -- You received this message because you are subscribed to the Google Groups "dropwizard-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dropwizard-user/49ae68d0-bca9-43cf-8fe8-a89822e318fan%40googlegroups.com.
