0

I am trying to add authentication and authorization in my RESTEasy application.

This is my service method which I want to limit to users with 'admin' role:

@RolesAllowed("admin")
@PUT
@Path("/hosts/{id}")
@Produces("application/json")
public Response updateHost(@PathParam("id") int id) {

And this is my interceptor

@Provider
public class SecurityInterceptor implements javax.ws.rs.container.ContainerRequestFilter
{

  @Override
  public void filter(ContainerRequestContext requestContext)
  {

However, my filter method does not get called and the authorization for updateHost is not done. After reading the docs, my understanding is @Provider on SecurityInterceptor will make sure that its filter method gets called after a request is received. Can anyone help me figure out why it is not being called?

4

1 回答 1

3

我发现我们需要在 web 部署描述符中启用基于角色的安全性:

  <context-param>
    <param-name>resteasy.role.based.security</param-name>
    <param-value>true</param-value>
  </context-param>
于 2013-10-11T02:41:53.290 回答