Annotation Interface Authenticated


@Retention(RUNTIME) @Target({METHOD,TYPE,FIELD}) @Documented @Inherited public @interface Authenticated
An annotation used to specify server resources with enforced authentication and resources accessible without authentication.

The following sample shows examples of use of Authenticated annotation in a JAX-RS/Jersey application:

  @Authenticated
  @ApplicationPath("myApp")
  public class SecuredApplication extends jakarta.ws.rs.core.Application { ... }

  @Authenticated(false)
  @Path("/")
  public class PublicResource {
    @GET
    public String getResourceContent() { ... }

    // Only authenticated users can update the content of the public resource
    @Authenticated
    @PUT
    public Response setNewResourceContent(String content) { ... }
  }
 

Authenticated annotation is not cumulative - e.g. if you define this annotation on a resource method, it will take ALL values from this instance of Authenticated (so if you want to use a custom authentication provider, you must define it again in each Authenticated instance).

  • Optional Element Summary

    Optional Elements
    Modifier and Type
    Optional Element
    Description
    boolean
    If set to optional, authentication will be attempted, yet if it fails, we would still be called without authenticated user/service.
    Explicit authentication provider to use when processing this Authorized.
    boolean
    Determine whether authentication should be enabled.
  • Element Details

    • value

      boolean value
      Determine whether authentication should be enabled. Defaults to true
      Returns:
      true if authentication should be enabled.
      Default:
      true
    • optional

      boolean optional
      If set to optional, authentication will be attempted, yet if it fails, we would still be called without authenticated user/service. For fine-grained control use configuration of provider flags (e.g. if a service is optional and user is mandatory)
      Returns:
      true if authentication should be optional
      Default:
      false
    • provider

      String provider
      Explicit authentication provider to use when processing this Authorized. Setting this value will ignore security provider configured globally. Value is the name of a configured AuthenticationProvider.
      Returns:
      name of a configured provider
      Default:
      ""