Wink as-is does not have a handler for JSR-250 annotations. You can create a request handler to do this if you want. The request handler can look at all the annotations available on a method. Patches would be welcome too.
On Fri, Jul 22, 2011 at 9:41 AM, Cameron Dalton <[email protected]> wrote: > Good morning, > > > > I’m just starting with some JAX-RS using Apache Wink in my project, and I’m > having trouble with the security annotations. > > > > I’m trying to use a @RolesAllowed annotation on a method to restrict access > to only users in those roles. However, users not in those roles are able to > invoke the method as well. I checked the request’s isUserInRole from inside > the method by injecting the request and invoking request.isUserInRole myself > and that behaves as expected, while the @RolesAllowed annotation does not. > Furthermore, I changed the @RolesAllowed annotation to @DenyAll and STILL > all users are able to invoke the method – in my mind, that last test takes > out any variables concerning the request and the isUserInRole method and > points squarely to something I’m doing wrong with the Apache Wink setup or > the annotations. > > > > What could I be doing wrong? What is missing? I have secured the url > pattern /* in web.xml by restricting it to all authenticated users. Here’s > my method signature with the annotations: > > > > @GET > > @DenyAll > > @Produces({ MediaType.APPLICATION_JSON}) > > public List<InboxField> getCasesBySearch(@Context HttpServletRequest > request, @PathParam("keywords") String keywords) { ... > > > > Thank you so much for your help. > > > > Cameron > >
