• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
  • Piet Souris
  • Frits Walraven
  • Carey Brown

role based security in jax-rs

Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Do we need to declare a jax-rs resource class as EJB to have the role based security???

I was going through the question from enthuware and encountered the following question:

There is a RESTful Web Service that adds two numbers. We want to secure this Web Service in order to only allow users in the role "student". What is the correct JAX-RS root resource class to implement this requirement? Assume that there is a security constraint in the web deployment descriptor that allows "student" and "teacher" to access the URL.

and the correct answer for this was:

public class AdditionService extends Application {   
public String addp(@PathParam("num1") int num, @PathParam("num2") int num2){       
return "" + (num+num2);    }

the option that i selected was wrong and it showed explanation: "Note that the root resource class is not an EJB, therefore role-based security does not work".

i tried to search through internet to find if it is necessary to have declared it as ejb but couldn't find anything concrete. Please anyone verify this or provide some link for this.

Posts: 989
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Some JAX-RS providers may provide that by default on non EJBs but some may not. In RestEasy for example, if the resource is not an EJB then you need to explicitly activate the feature as per the documentation
Creator of Enthuware JWS+ V6
Posts: 3348
Android Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I agree with E Armitage, some providers have implemented it as a feature on their application servers however these applications are not portable.

The real answer to your question lies in the specifications of JAX-RS. For the WSD6 exam you need to know that it is based on JAX-RS v1.1. and there is no requirement about role based security at all.

By the way: when you have a question about the Enthuware questions you can hit the discuss buton from the ETS-viewer and you will be directed to the Enthuware forums. You will probably get a answer sooner.
Yeah, but how did the squirrel get in there? Was it because of the tiny ad?
Thread Boost feature
    Bookmark Topic Watch Topic
  • New Topic