Hi, I see two options: 1) if you use http client (like Apache HttpClient or Okio) then you can login first and then go to the REST endpoint. Just make sure the client preserves the cookies 2) remove @AuthorizeResource and use other means to protect it, e.g. Basic Authentication. With Spring Security or Apache Shiro you can do this easily
Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Thu, Feb 9, 2017 at 11:15 AM, Per Newgro <[email protected]> wrote: > Hi, > > i've extended an org.wicketstuff.rest.resource.AbstractRestResource and > mounted it in my WebApplication. > Everything works so far. > > But i've annotated my Method with a role that shall be extracted from the > session. I'm not quite sure how to > 'login' my import command (CLI) as a user > > Has someone maybe a working example for authorized resource access? > > Thanks > Per > > <code> > @AuthorizeResource > public class CRMDataImportResource extends > AbstractRestResource<JsonWebSerialDeserial> > { > > @SpringBean(name = "FullImport") > private DataImport dataImport; > > public CRMDataImportResource() { > super(new JsonWebSerialDeserial( > new GsonObjectSerialDeserial()), new IRoleCheckingStrategy() { > > @Override > public boolean hasAnyRole(Roles roles) { > CDISession session = CDISession.get(); > return session.hasAnyRole(roles); > } > } > ); > Injector.get().inject(this); > } > > @MethodMapping( > value = "/full", > httpMethod = HttpMethod.POST) > @AuthorizeInvocation("CRMDataImport") > public String fullImport(@RequestBody DocumentBatch batch) throws > Exception { > return dataImport.fullImport(batch); > } > } > </code> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
