• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

role based security in jax-rs

 
Greenhorn
Posts: 6
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Do we need to declare a jax-rs resource class as EJB to have the role based security???

I was going through the question from enthuware and encountered the following question:

There is a RESTful Web Service that adds two numbers. We want to secure this Web Service in order to only allow users in the role "student". What is the correct JAX-RS root resource class to implement this requirement? Assume that there is a security constraint in the web deployment descriptor that allows "student" and "teacher" to access the URL.

and the correct answer for this was:

@ApplicationPath("jax")
@Path("rs")
@Stateless
@RolesAllowed("student")
public class AdditionService extends Application {   
 @GET  
  @Path("/add/{num1}/{num2}")    
public String addp(@PathParam("num1") int num, @PathParam("num2") int num2){       
return "" + (num+num2);    }
}

the option that i selected was wrong and it showed explanation: "Note that the root resource class is not an EJB, therefore role-based security does not work".

i tried to search through internet to find if it is necessary to have declared it as ejb but couldn't find anything concrete. Please anyone verify this or provide some link for this.


Regards,
bkthakur
 
Rancher
Posts: 989
9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Some JAX-RS providers may provide that by default on non EJBs but some may not. In RestEasy for example, if the resource is not an EJB then you need to explicitly activate the feature as per the documentation
 
Creator of Enthuware JWS+ V6
Posts: 3411
320
Android Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I agree with E Armitage, some providers have implemented it as a feature on their application servers however these applications are not portable.

The real answer to your question lies in the specifications of JAX-RS. For the WSD6 exam you need to know that it is based on JAX-RS v1.1. and there is no requirement about role based security at all.

By the way: when you have a question about the Enthuware questions you can hit the discuss buton from the ETS-viewer and you will be directed to the Enthuware forums. You will probably get a answer sooner.
 
"Don't believe every tiny ad you see on the internet. But this one is rock solid." - George Washington
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic