0

I would like to do something like that:

Interface

public interface EndpointCollection<T> {
    @GET
    // @Secured({Role.Admin})  here everything works fine but won't need it here
    @Produces(MediaType.APPLICATION_JSON)
    public T getAll();
}

Endpoint

public class EntityEndpoint implements EndpointCollection<Entity> {
    @Secured({Role.Admin})  // annotation isn't considered at all
    @Override
    public Entity getAll() {
        ...
    }
}

So every endpoint holds the basic methods and just the permissions need to be handled. I already tried it and it doesn't seem to work, but I don't understand why and what I can do that it will work.

Edit

If I do the following in my AuthorizationFilter

@Provider
@Priority(Priorities.AUTHORIZATION)
public class AuthorizationFilter implements ContainerRequestFilter {

    @Context
    private ResourceInfo resourceInfo;

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        ...
        List<Role> methodRoles = extractRoles(resourceInfo.getResourceMethod());
        ...
    }

    private List<Role> extractRoles(AnnotatedElement annotatedElement) {
        System.out.println("AnnotatedElement =====================> " + annotatedElement);
        if (annotatedElement == null) {
            return new ArrayList<Role>();
        } else {
            Secured secured = annotatedElement.getAnnotation(Secured.class);
            System.out.println("Secured ==============================> " + secured);
            if (secured == null) {
                return new ArrayList<Role>();
            } else {
                Role[] allowedRoles = secured.value();
                for (Role r : allowedRoles)
                    System.out.println("Role ============================> " + r);
                return Arrays.asList(allowedRoles);
            }
        }
    }
}

I get

AnnotatedElement =====================> public java.util.List com.as.web.core.EntityEndpoint.getAll()
Secured ==============================> null

But I am expecting a value of Admin like

Role ============================> Admin

Edit

It is a Java EE Application. I am using JAX-RS on wildly 10.

@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
@Inherited
public @interface Secured {
    Role[] value() default {};
}
user289520
  • 145
  • 15
  • Can you show an example of how "it doesn't work"? Do you get an exception thrown or? – Ognjen Mišić Aug 05 '17 at 17:57
  • This is not a Java question, but rather a question about the particular web service framework you are using. So you need to tell us which framework that is. – bmargulies Aug 05 '17 at 18:18
  • You might think that https://stackoverflow.com/questions/4745798/why-java-classes-do-not-inherit-annotations-from-implemented-interfaces?rq=1 was relevant, but in fact a framework could use reflection to see annotations on interfaces if wanted to. – bmargulies Aug 05 '17 at 18:18
  • @bmargulies I am sorry. I've forgot some code. I don't think that it is a framework issue. And the interface also seems right. – user289520 Aug 05 '17 at 18:31
  • I think the method `resourceInfo.getResourceMethod()` will return the method `getAll` belong to a **proxy** class of `EntityEndpoint` rather than original.So I think you can use `resourceInfo.getResourceClass` determine what the result be return on it. – dabaicai Aug 05 '17 at 19:34
  • @dabicai I get the same result. – user289520 Aug 06 '17 at 06:43

0 Answers0