uCosminexus Application Server, Web Service Development Guide
The javax.ws.rs.core.SecurityContext context holds the security information related to the HTTP request being processed.
The following example shows the usage of javax.ws.rs.core.SecurityContext that is injected into the field of a root resource class:
package com.sample.resources;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;

// Root resource class
@Path("/root")
public class Resource {

    // A field in which the SecurityContext is injected by using the Context annotation
    private @Context SecurityContext securityContext;

    // Resource method
    @GET
    public String getValue() {
        String value = "Authentication Scheme: "
                + this.securityContext.getAuthenticationScheme()
                + ", User Principal: " + this.securityContext.getUserPrincipal()
                + ", Is secure: " + this.securityContext.isSecure()
                + ", Is user in role: " + this.securityContext.isUserInRole("admin");
        return value;
    }
}
The following is an example of web.xml containing the security information:
<?xml version="1.0" encoding="UTF-8"?>
<web-app ...>
    ...
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Test Resource</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>jaxrs_server</realm-name>
    </login-config>
    <security-role>
        <role-name>admin</role-name>
    </security-role>
</web-app>
Assume that the context root of the Web application (WAR file) containing the root resource class com.sample.resources.Resource is example, and that the Web application is published on a host named sample.com. In the above example, when an HTTP GET request that specifies appropriate authentication information is sent to the URL http://sample.com/example/root, the javax.ws.rs.core.SecurityContext context is first injected into the securityContext field, and then the getValue() method, which can process the HTTP GET request, is called. The getValue() method acquires the security information based on the web.xml settings and the actual authentication information.
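Added example, not part of the guide: the web.xml above lists only GET in its security constraint, so a request that uses another HTTP method reaches the resource without being authenticated, and getUserPrincipal() then returns null. The class GuardedResource, its path /guarded, the requireRole() helper and the policy of rejecting non-HTTPS requests are assumptions made for this illustration of a resource checking the SecurityContext itself before acting.

```java
package com.sample.resources;

import java.security.Principal;

import javax.ws.rs.DELETE;
import javax.ws.rs.Path;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

// Hypothetical resource class (an assumption, not from the guide)
@Path("/guarded")
public class GuardedResource {

    private @Context SecurityContext securityContext;

    // DELETE is not named in an <http-method> element of the web.xml above,
    // so the container's security constraint does not cover this method.
    @DELETE
    public String remove() {
        Principal user = requireRole("admin");
        return "Removed by: " + user.getName();
    }

    // Hypothetical helper: returns the authenticated principal or rejects the request.
    private Principal requireRole(String role) {
        // Example policy (an assumption): BASIC credentials are only accepted over HTTPS.
        if (!this.securityContext.isSecure()) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        // getUserPrincipal() returns null when the request was not authenticated.
        // No challenge is sent here: the container, not this class, runs BASIC
        // authentication, and only for requests that a constraint covers.
        Principal user = this.securityContext.getUserPrincipal();
        if (user == null) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        // isUserInRole() reflects the roles mapped to the authenticated user.
        if (!this.securityContext.isUserInRole(role)) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        return user;
    }
}
```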
All Rights Reserved. Copyright (C) 2013, Hitachi, Ltd.