Re: [mvc-dev] mvc interaction with SecurityContext

[Ivar Grimstad <ivar.grimstad@xxxxxxxxxxxxxxxxxxxxxx>]

Hi Steaven,

The implementation of Jakarta Security does not support @RolesAllowed for non-servlet environments.

So, until this is fixed (most likely in Jakarta Security 2.x or 3) in Jakarta EE 10) you will have to use web.xml to configure these constrants. Here is an example:

<security-constraint>
    <display-name>A Foo</display-name>
    <web-resource-collection>
        <web-resource-name>Demo</web-resource-name>
        <description/>
        <url-pattern>/ui/hello</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description>Constraints for a FOO</description>
        <role-name>foo</role-name>
    </auth-constraint>
</security-constraint>

Ivar

On Wed, Oct 7, 2020 at 12:59 AM Steaven Woyan <swoyan@xxxxxxxxx> wrote:

Hello,

Apologies ahead of time if this is the wrong place to ask questions.

I am in the process of trying out jakarta mvc.

I have the @Controller working just fine.

I have implemented a @CustomFormAuthenticationMechanismDefinition and that is working just fine.

The issue I am having is in trying to marry the two.

I cannot figure out how to get a @Controller to work with something @RolesAllowed from a servlet.

That is, I am trying to figure out how to get a @Controller to only be invoked if a user is in a certain role(s).

Is there a set of examples or an article anyone can point me to? I am not finding anything when I search.

Thanks for your time.

_______________________________________________
mvc-dev mailing list
mvc-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mvc-dev

--

Ivar Grimstad

Jakarta EE Developer Advocate | Eclipse Foundation, Inc.

Community. Code. Collaboration. 

Join us at our virtual event: EclipseCon 2020 - October 20-22