I think I want to go with the first method.
It looks like it is working now, but I am not sure if it is the right way:
1. I have to add the annotation value in ResourceFilterFactory through the AbstractMethod
2. Initialize the annotation values in the filter constructor
The previous problem was that I didn't pass the annotation values to the filter, as in <1> and <2>:
securityFilters.add(new UserInRoleSecurityContextFilter(userInRoleAllowed.value()));
this.rolesAllowed = (rolesAllowed != null) ? rolesAllowed : new String[] {};
So, my understanding is that each method that has the @UserInRoleAllowed annotation will have its own/separate UserInRoleSecurityContextFilter?
======================
Other questions:
1. Why is am.getResource().getAnnotation() not working?
The example in the post uses both statements.
UserInRoleAllowed userInRoleAllowed = am.getResource().getAnnotation(UserInRoleAllowed.class); //fails
UserInRoleAllowed userInRoleAllowed = am.getAnnotation(UserInRoleAllowed.class); //works
2. In <3>:
if (securityContext == null) {
// securityContext should be set up in constructor, but still null <3>
securityContext = request.getSecurityContext();
}
securityContext is declared as "private @Context"; it is supposed to be set up/initialized by Jersey after the constructor method. Why is it still null, so that I have to call request.getSecurityContext()?
If you can give me some explanation, I would really appreciate it.
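
The two steps described in the post, put together as an added example that is not part of the original post. It assumes the Jersey 1.x (com.sun.jersey) API; the definition of @UserInRoleAllowed, the factory class name and the 403 response on a failed check are assumptions, since the post does not show them. The factory looks for the annotation on the method first and then on the resource class, and the filter reads the SecurityContext from the request instead of relying on an injected field.

```java
// Added example; assumes Jersey 1.x (com.sun.jersey) on the classpath.
import com.sun.jersey.api.model.AbstractMethod;
import com.sun.jersey.spi.container.*;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import java.lang.annotation.*;
import java.util.*;

// Assumed shape of the annotation (its definition is not shown in the post).
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
@interface UserInRoleAllowed { String[] value(); }

// Hypothetical factory name; Jersey calls create() once per resource method.
public class UserInRoleFilterFactory implements ResourceFilterFactory {
    @Override
    public List<ResourceFilter> create(AbstractMethod am) {
        // A method-level annotation wins; otherwise fall back to the resource class.
        UserInRoleAllowed a = am.getAnnotation(UserInRoleAllowed.class);
        if (a == null) a = am.getResource().getAnnotation(UserInRoleAllowed.class);
        if (a == null) return null; // unannotated: no filter for this method
        return Collections.<ResourceFilter>singletonList(
                new UserInRoleSecurityContextFilter(a.value()));
    }
}

class UserInRoleSecurityContextFilter implements ResourceFilter, ContainerRequestFilter {
    private final String[] rolesAllowed;

    UserInRoleSecurityContextFilter(String[] rolesAllowed) {
        // Defensive copy so the allowed roles cannot change after construction.
        this.rolesAllowed = (rolesAllowed != null) ? rolesAllowed.clone() : new String[] {};
    }

    public ContainerRequestFilter getRequestFilter() { return this; }
    public ContainerResponseFilter getResponseFilter() { return null; }

    public ContainerRequest filter(ContainerRequest request) {
        // Per-request security context, taken from the request itself.
        SecurityContext sc = request.getSecurityContext();
        for (String role : rolesAllowed) {
            if (sc.isUserInRole(role)) return request;
        }
        // Deny by default (assumed behaviour): no matching role, or an empty role list.
        throw new WebApplicationException(Response.Status.FORBIDDEN);
    }
}
```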