Module io.helidon.security.annotations
Package io.helidon.security.annotations

Annotation Type Authenticated

  • @Retention(RUNTIME)
@Target({METHOD,TYPE,FIELD})
@Documented
@Inherited
public @interface Authenticated
    An annotation used to specify server resources with enforced authentication and resources accessible without authentication.

    The following sample shows examples of use of Authenticated annotation in a JAX-RS/Jersey application: 

      @Authenticated
  @ApplicationPath("myApp")
  public class SecuredApplication extends javax.ws.rs.core.Application { ... }

  @Authenticated(false)
  @Path("/")
  public class PublicResource {
    @GET
    public String getResourceContent() { ... }

    // Only authenticated users can update the content of the public resource
    @Authenticated
    @PUT
    public Response setNewResourceContent(String content) { ... }
  }

    Authenticated annotation is not cumulative - e.g. if you define this annotation on a resource method, it will take ALL values from this instance of Authenticated (so if you want to use a custom authentication provider, you must define it again in each Authenticated instance).

    • Optional Element Summary

      Optional Elements 
      Modifier and Type Optional Element Description
      boolean optional
      If set to optional, authentication will be attempted, yet if it fails, we would still be called without authenticated user/service.
      String provider
      Explicit authentication provider to use when processing this Authorized.
      boolean value
      Determine whether authentication should be enabled.

    • Element Detail

      • value

        boolean value
        Determine whether authentication should be enabled. Defaults to true
        Returns:
        true if authentication should be enabled.
        Default:
        true

      • optional

        boolean optional
        If set to optional, authentication will be attempted, yet if it fails, we would still be called without authenticated user/service. For fine-grained control use configuration of provider flags (e.g. if a service is optional and user is mandatory)
        Returns:
        true if authentication should be optional
        Default:
        false

      • provider

        String provider
        Explicit authentication provider to use when processing this Authorized. Setting this value will ignore security provider configured globally. Value is the name of a configured AuthenticationProvider.
        Returns:
        name of a configured provider
        Default:
        ""