Package io.helidon.security.annotations
Annotation Type Authorized
@Retention(RUNTIME) @Target({METHOD,TYPE,FIELD}) @Documented @Inherited public @interface Authorized
An annotation used to specify server resources with enforced authorization.

The following sample shows examples of use of @Authorized annotation in a JAX-RS/Jersey application:

    @Authorized
    @Authenticated
    @ApplicationPath("myApp")
    public class SecuredApplication extends javax.ws.rs.core.Application { ... }

    @Authorized(false)
    @Path("/")
    public class PublicResource {
        @GET
        public String getResourceContent() { ... }

        // Only authenticated users can update the content of the public resource
        @Authorized
        @PUT
        public Response setNewResourceContent(String content) { ... }
    }

The Authorized annotation is not cumulative: if you define this annotation on a resource method, it takes ALL values from that instance of Authorized, so if you want to use a custom authorization provider, you must define it again in each Authorized instance.
Optional Element Summary

Modifier and Type   Optional Element   Description
boolean             explicit           By default, authorization is implicit and all annotations are processed before method invocation to authorize access.
String              provider           Explicit authorization provider to use when processing this Authorized.
boolean             value              Determine whether authorization should be enabled.

provider
String provider
Explicit authorization provider to use when processing this Authorized. Setting this value will ignore security provider configured globally. Value is the name of a configured AuthenticationProvider.
Returns: name of a configured provider
Default: ""

explicit
boolean explicit
By default, authorization is implicit and all annotations are processed before method invocation to authorize access. In case this is set to true, authorization MUST be invoked manually, calling SecurityContext.authorize(Object...). If set to true the security module will not check authorization; security module still checks that authorization was called. If not, an exception is generated post-processing. For example the Jersey integration will return an internal server error in such a case.
Returns: true if explicit authorization will be invoked in the code, false for implicit (handled by security module)
Default: false
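
The non-cumulative rule and explicit mode combined in one JAX-RS resource, as an added example that is not part of the Helidon documentation. The provider name "doc-atz" and the DocumentResource and DocumentRef classes are hypothetical; the AuthorizationResponse return type and its isPermitted() method are assumed from the Helidon security API and are not stated on this page.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import io.helidon.security.AuthorizationResponse;
import io.helidon.security.SecurityContext;
import io.helidon.security.annotations.Authenticated;
import io.helidon.security.annotations.Authorized;

// Class-level default: implicit authorization through the provider named "doc-atz"
// ("doc-atz" is a hypothetical name of a provider configured in the application).
@Authenticated
@Authorized(provider = "doc-atz")
@Path("/documents")
public class DocumentResource {
    private static final Map<String, String> STORE = new ConcurrentHashMap<>();

    // No method-level @Authorized: the class-level instance applies as written.
    @GET
    @Path("/{id}")
    public String read(@PathParam("id") String id) {
        return STORE.getOrDefault(id, "");
    }

    // A method-level @Authorized replaces the class-level one entirely, so the
    // provider is named again; leaving it out would reset it to the default "".
    @PUT
    @Path("/{id}")
    @Authorized(provider = "doc-atz", explicit = true)
    public Response update(@PathParam("id") String id, @Context SecurityContext context, String content) {
        // Explicit mode: nothing is authorized before this method runs; the security
        // module only verifies afterwards that authorize(...) was actually called.
        AuthorizationResponse atz = context.authorize(new DocumentRef(id)); // return type assumed
        if (!atz.isPermitted()) { // isPermitted() assumed, not documented on this page
            return Response.status(Response.Status.FORBIDDEN).build(); // deny before any state change
        }
        STORE.put(id, content);
        return Response.noContent().build();
    }
    // Hypothetical resource object handed to the authorization provider.
    public static final class DocumentRef {
        public final String id;
        DocumentRef(String id) { this.id = id; }
    }
}
```

Every code path through an explicit-mode method has to reach the authorize call, including early returns, otherwise the post-processing check described above fails the request.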