
role based security in jax-rs

 
bk thakur
Greenhorn
Posts: 6
Hi,

Do we need to declare a JAX-RS resource class as an EJB to have role-based security?

I was going through the questions from Enthuware and encountered the following question:

There is a RESTful Web Service that adds two numbers. We want to secure this Web Service in order to only allow users in the role "student". What is the correct JAX-RS root resource class to implement this requirement? Assume that there is a security constraint in the web deployment descriptor that allows "student" and "teacher" to access the URL.

and the correct answer for this was:

@ApplicationPath("jax")
@Path("rs")
@Stateless
@RolesAllowed("student")
public class AdditionService extends Application {
    @GET
    @Path("/add/{num1}/{num2}")
    public String addp(@PathParam("num1") int num, @PathParam("num2") int num2) {
        return "" + (num + num2);
    }
}

The option that I selected was wrong, and it showed the explanation: "Note that the root resource class is not an EJB, therefore role-based security does not work".

I tried to search the internet to find out whether it is necessary to declare it as an EJB but couldn't find anything concrete. Could anyone please verify this or provide a link for it?


Regards,
bkthakur
 
E Armitage
Rancher
Posts: 989
Some JAX-RS providers may provide that by default on non-EJBs, but some may not. In RESTEasy, for example, if the resource is not an EJB then you need to explicitly activate the feature as per the documentation.
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Posts: 2536
I agree with E Armitage: some providers have implemented it as a feature on their application servers; however, these applications are not portable.

The real answer to your question lies in the specifications of JAX-RS. For the WSD6 exam you need to know that it is based on JAX-RS v1.1 and there is no requirement about role-based security at all.

By the way: when you have a question about the Enthuware questions you can hit the discuss button from the ETS-viewer and you will be directed to the Enthuware forums. You will probably get an answer sooner.
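
Added example, not part of the original posts and not Enthuware's or any provider's code: a plain (non-EJB) JAX-RS 1.1 root resource that enforces the "student" role itself through the injected `SecurityContext`, so it does not depend on a provider honouring `@RolesAllowed`. The class name `PortableAdditionResource` is hypothetical; it assumes the container authenticates callers through the web.xml security constraint mentioned in the question and that the role is declared there.

```java
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

// Plain JAX-RS 1.1 root resource: no @Stateless, no reliance on @RolesAllowed.
// Class name is hypothetical; path and role name follow the exam question.
@Path("rs")
public class PortableAdditionResource {

    // Role required by the question; "teacher" passes the URL constraint
    // in web.xml but must still be rejected here.
    private static final String REQUIRED_ROLE = "student";

    // Injected per request by the JAX-RS runtime; reflects the caller
    // authenticated by the container (assumption: web.xml constraint is active).
    @Context
    private SecurityContext security;

    @GET
    @Path("/add/{num1}/{num2}")
    @Produces(MediaType.TEXT_PLAIN)
    public String add(@PathParam("num1") int num1, @PathParam("num2") int num2) {
        requireRole(REQUIRED_ROLE);
        // Widen to long so two large ints cannot overflow silently.
        return Long.toString((long) num1 + num2);
    }

    private void requireRole(String role) {
        if (security.getUserPrincipal() == null) {
            // No authenticated caller: the URL is not covered by a constraint.
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
        if (!security.isUserInRole(role)) {
            // Authenticated (for example as "teacher") but not in the role.
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
    }
}
```

The check is fail-closed: an unauthenticated request gets 401 and an authenticated caller outside the role gets 403, regardless of which JAX-RS provider hosts the resource.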
 