Annotation Type Authorized


  • @Retention(RUNTIME)
    @Target({METHOD,TYPE,FIELD})
    @Documented
    @Inherited
    public @interface Authorized
    An annotation used to specify server resources with enforced authorization.

    The following sample shows the @Authorized annotation used in a JAX-RS/Jersey application:

      @Authorized
      @Authenticated
      @ApplicationPath("myApp")
      public class SecuredApplication extends javax.ws.rs.core.Application { ... }
    
      @Authorized(false)
      @Path("/")
      public class PublicResource {
        @GET
        public String getResourceContent() { ... }
    
        // Only authenticated users can update the content of the public resource
        @Authorized
        @PUT
        public Response setNewResourceContent(String content) { ... }
      }
     

    The Authorized annotation is not cumulative: if you define this annotation on a resource method, the method takes ALL values from that instance of Authorized. If you want to use a custom authorization provider, you must therefore define it again in each Authorized instance.
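
    The override rule above can be checked mechanically. The following added example (not part of the library or its documentation) uses a local stand-in for the annotation with the three elements documented on this page and reports methods whose own Authorized instance changes what the class-level instance set. The Reports class and the provider name "abac" are constructed for illustration.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class AuthorizedAudit {
    // Local stand-in mirroring the elements documented on this page (not the library's class).
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.METHOD, ElementType.TYPE, ElementType.FIELD})
    @Inherited
    @interface Authorized {
        boolean value() default true;
        String provider() default "";
        boolean explicit() default false;
    }

    // Constructed sample resource: the class-level instance selects a custom provider.
    @Authorized(provider = "abac")
    static class Reports {
        public String list() { return "list"; }                 // uses the class-level instance
        @Authorized public String update() { return "update"; } // provider resets to ""
        @Authorized(false) public String health() { return "ok"; }
        @Authorized(provider = "abac", explicit = true)
        public String export() { return "export"; }
    }

    // A method-level instance replaces the class-level one wholesale, so compare the two.
    static List<String> audit(Class<?> resource) {
        Authorized onType = resource.getAnnotation(Authorized.class);
        List<String> findings = new ArrayList<>();
        for (Method m : resource.getDeclaredMethods()) {
            Authorized onMethod = m.getAnnotation(Authorized.class);
            if (onMethod == null || onType == null) continue; // nothing overridden
            if (!onMethod.value() && onType.value())
                findings.add(m.getName() + ": authorization disabled");
            else if (!onType.provider().isEmpty() && !onMethod.provider().equals(onType.provider()))
                findings.add(m.getName() + ": provider '" + onType.provider() + "' not repeated");
            if (onMethod.value() && onMethod.explicit())
                findings.add(m.getName() + ": explicit, must call SecurityContext.authorize");
        }
        Collections.sort(findings); // reflection order is unspecified
        return findings;
    }

    public static void main(String[] args) {
        audit(Reports.class).forEach(System.out::println);
    }
}
```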

    • Optional Element Summary

      Optional Elements
      Modifier and Type    Optional Element    Description
      boolean              explicit            By default, authorization is implicit and all annotations are processed before method invocation to authorize access.
      String               provider            Explicit authorization provider to use when processing this Authorized.
      boolean              value               Determine whether authorization should be enabled.
    • Element Detail

      • value

        boolean value
        Determine whether authorization should be enabled. Defaults to true.
        Returns:
        true if authorization should be enabled.
        Default:
        true
      • provider

        String provider
        Explicit authorization provider to use when processing this Authorized. Setting this value will ignore security provider configured globally. Value is the name of a configured AuthenticationProvider.
        Returns:
        name of a configured provider
        Default:
        ""
      • explicit

        boolean explicit
        By default, authorization is implicit and all annotations are processed before method invocation to authorize access. If this is set to true, authorization MUST be invoked manually by calling SecurityContext.authorize(Object...). When set to true, the security module will not check authorization itself, but it still checks that authorization was called. If it was not, an exception is generated in post-processing. For example, the Jersey integration will return an internal server error in such a case.
        Returns:
        true if explicit authorization will be invoked in the code, false for implicit (handled by security module)
        Default:
        false