10

I'm trying to start a Jersey/1.7 based project from scratch (as opposed to copying an existing project and adding new code on top, which is what my client normally does) in order to learn how stuff works. I'm stuck in a very early phase, trying to process a simple HTTP request:

package com.example.foo.view.rest;

import javax.ws.rs.Path;
import javax.annotation.security.RolesAllowed; // package javax.annotation.security does not exist

@Path("user")
@RolesAllowed("valid-users") // cannot find symbol
public class UserService extends BaseService {
    public UserService() {
        super();
    }
}

I've copied these files from another project:

asm-3.1.jar
jackson-core-asl-1.9.2.jar
jackson-jaxrs-1.9.2.jar
jackson-mapper-asl-1.9.2.jar
jackson-xc-1.9.2.jar
jersey-client-1.17.jar
jersey-core-1.17.jar
jersey-json-1.17.jar
jersey-multipart-1.17.jar
jersey-server-1.17.jar
jersey-servlet-1.17.jar
jettison-1.1.jar
jsr311-api-1.1.1.jar

Project authentication works with Oracle SSO (Oracle Identity Directory).

The only javax.annotation.security.RolesAllowed I can find is an interface and I can certainly not see an actual implementation anywhere in my codebase. In fact the whole javax.annotation.security package is missing. I don't even know what library is supposed to provide it.

I'd appreciate any hint, no matter how obvious it looks.

Álvaro González
  • 142,137
  • 41
  • 261
  • 360
  • is this what you are searching for? [click](https://mvnrepository.com/artifact/javax.annotation/javax.annotation-api/1.3.2). Also managing jars by hand is horrible, you could use maven or gradle for easier dependency management – Amir Schnell Apr 14 '20 at 07:00
  • @AmirSchnell I guess that means it isn't part of Jersey itself. I can't find any reference to `javax.annotation-api` in other projects from this customer and search for `javax.annotation.security` in that site doesn't return results — is there another implementation they might be using? Project integrates with Oracle Portal / Oracle Identity Directory, if that matters. (I'm well aware that this is codebase is crap but we're too far away from Silicon Valley... If I implement such improvements the client will certainly complain.) – Álvaro González Apr 14 '20 at 08:05
  • No, `javax.annotation` is part of java , but not included in the jre or jdk. I have no experience with Oracle Portal / Oracle Identity Directory, so I don't know what they do. Have you used `RolesAllowed` somewhere in your other projects? If so, where is it imported from? – Amir Schnell Apr 14 '20 at 09:37
  • @AmirSchnell Just found the JAR at `C:\oracle\Middleware\modules\javax.annotation_1.0.0.0_1-0.jar`. I still don't know why other projects that use `javax.annotation.security` successfully don't make any reference to such file (probably it's included indirectly by some configuration I haven't located yet) but this is huge improvement. – Álvaro González Apr 14 '20 at 11:11
  • is your question answered then? can i post an answer for you to mark as correct? – Amir Schnell Apr 14 '20 at 11:16

1 Answers1

16

javax.annotation is part of java, but not included directly in the jre. It is not included in jersey. You have to add this jar to your project for it to work.

Amir Schnell
  • 611
  • 4
  • 11
  • I've eventually found that each project from my client is using a different implementation. In all cases you just need to ensure there's a proper JAR file at hand. The key info is just: neither JDK not Jersey include it, it's a third-party download and you can pick any as long as it complies with the interface. – Álvaro González Apr 14 '20 at 13:19
  • 14
    Actually `javax.annotation` API was part of JRE, but was [removed](https://blogs.perficient.com/2019/05/15/the-java-commons-annotations-was-removed-in-jdk-11/) in Java 11. – rustyx Mar 14 '21 at 16:58