I have a simple jersey 2.4 resource:
@RolesAllowed("admin")
public List<Folder> list(){}
I also have a ContainerRequestFilter which sets custom securitycontext:
public void filter(ContainerRequestContext requestContext) throws IOException {
requestContext.setSecurityContext(new MySecurityContext(...));
}
In the list() function i do get the correct securitycontext: MySecurityContext. And a call "securityContext.isUserInRole("admin")" works.
But the annotation @RolesAllowed doesn't seem to do anything, the function isUserInRole of MySecurityContext is never called.
Do i need to do something special to get the @RolesAllowed to work?
Found it :-)
@RolesAllowed("admin") not @RolesAllowed("{admin}")
and the most important one:
register(RolesAllowedDynamicFeature.class);