tomcat webapp中基于注释的安全性(annotation based security in tomcat webapp)

我想实现像这样的webservice安全（ http://docs.oracle.com/cd/E24329_01/web.1211/e24983/secure.htm - 示例适用于javaee）

但是在tomcat + jersey里面应用。有可能这样做吗？

据我所知，tomcat确实有一个注释-api，可以在这种情况下工作。无法弄清楚如何。

package samples.helloworld; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.annotation.Security.RolesAllowed; @Path("/helloworld") @RolesAllowed({"ADMIN", "ORG1"}) public class helloWorld { @GET @Path("sayHello") @Produces("text/plain") @RolesAllows("ADMIN") public String sayHello() { return "Hello World!"; } }

I want to achieve webservice security something like this (http://docs.oracle.com/cd/E24329_01/web.1211/e24983/secure.htm - example is for javaee)

But inside tomcat + jersey application. Is it possible to do so ?

As far as I can see, tomcat does have annotation-api which can work in this case. Unable to figure out how.

最满意答案

如上面的链接所述，您应该保护您的Rest WebServices。 Web.xml的示例

<web-app> <servlet> <servlet-name>RestServlet</servlet-name> <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class> </servlet> <servlet-mapping> <servlet-name>RestServlet</servlet-name> <url-pattern>/*</url-pattern> </servlet-mapping> <security-constraint> <web-resource-collection> <web-resource-name>Orders</web-resource-name> <url-pattern>/orders</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>default</realm-name> </login-config> <security-role> <role-name>admin</role-name> </security-role> </web-app>

As described in the link above, you should secure your Rest WebServices. Example of Web.xml

更多推荐