Hi,
I see two options:
1) if you use http client (like Apache HttpClient or Okio) then you can
login first and then go to the REST endpoint. Just make sure the client
preserves the cookies
2) remove @AuthorizeResource and use other means to protect it, e.g. Basic
Authentication. With Spring Security or Apache Shiro you can do this easily
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Thu, Feb 9, 2017 at 11:15 AM, Per Newgro wrote:
> Hi,
>
> i've extended an org.wicketstuff.rest.resource.AbstractRestResource and
> mounted it in my WebApplication.
> Everything works so far.
>
> But i've annotated my Method with a role that shall be extracted from the
> session. I'm not quite sure how to
> 'login' my import command (CLI) as a user
>
> Has someone maybe a working example for authorized resource access?
>
> Thanks
> Per
>
>
> @AuthorizeResource
> public class CRMDataImportResource extends
> AbstractRestResource
> {
>
> @SpringBean(name = "FullImport")
> private DataImport dataImport;
>
> public CRMDataImportResource() {
> super(new JsonWebSerialDeserial(
> new GsonObjectSerialDeserial()), new IRoleCheckingStrategy() {
>
> @Override
> public boolean hasAnyRole(Roles roles) {
> CDISession session = CDISession.get();
> return session.hasAnyRole(roles);
> }
> }
> );
> Injector.get().inject(this);
> }
>
> @MethodMapping(
> value = "/full",
> httpMethod = HttpMethod.POST)
> @AuthorizeInvocation("CRMDataImport")
> public String fullImport(@RequestBody DocumentBatch batch) throws
> Exception {
> return dataImport.fullImport(batch);
> }
> }
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>