Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mvc-dev] mvc interaction with SecurityContext

Hi Steaven,

The implementation of Jakarta Security does not support @RolesAllowed for non-servlet environments.
So, until this is fixed (most likely in Jakarta Security 2.x or 3) in Jakarta EE 10) you will have to use web.xml to configure these constrants. Here is an example:

<display-name>A Foo</display-name>
<description>Constraints for a FOO</description>

On Wed, Oct 7, 2020 at 12:59 AM Steaven Woyan <swoyan@xxxxxxxxx> wrote:
Apologies ahead of time if this is the wrong place to ask questions.

I am in the process of trying out jakarta mvc.
I have the @Controller working just fine.
I have implemented a @CustomFormAuthenticationMechanismDefinition and that is working just fine.

The issue I am having is in trying to marry the two.

I cannot figure out how to get a @Controller to work with something @RolesAllowed from a servlet.

That is, I am trying to figure out how to get a @Controller to only be invoked if a user is in a certain role(s).

Is there a set of examples or an article anyone can point me to? I am not finding anything when I search.

Thanks for your time.

mvc-dev mailing list
To change your delivery options, retrieve your password, or unsubscribe from this list, visit


Ivar Grimstad

Jakarta EE Developer Advocate | Eclipse Foundation, Inc.

Community. Code. Collaboration. 

Join us at our virtual event:
EclipseCon 2020 - October 20-22

Back to the top