SupportConsoleDevelopersStart a trialContact

16.5. JAX-RS Application Security

16.5.1. Enable Role-Based Security for a RESTEasy JAX-RS Web Service

Summary

RESTEasy supports the @RolesAllowed, @PermitAll, and @DenyAll annotations on JAX-RS methods. However, it does not recognize these annotations by default. Follow these steps to configure the web.xml file and enable role-based security.

Warning

Do not activate role-based security if the application uses EJBs. The EJB container will provide the functionality, instead of RESTEasy.

Procedure 16.3. Enable Role-Based Security for a RESTEasy JAX-RS Web Service

  1. Open the web.xml file for the application in a text editor.
  2. Add the following <context-param> to the file, within the web-app tags: 
    <context-param>
    <param-name>resteasy.role.based.security</param-name>
    <param-value>true</param-value>
</context-param>
  3. Declare all roles used within the RESTEasy JAX-RS WAR file, using the <security-role> tags: 
    <security-role>
    <role-name>ROLE_NAME</role-name>
</security-role>
<security-role>
    <role-name>ROLE_NAME</role-name>
</security-role>
  4. Authorize access to all URLs handled by the JAX-RS runtime for all roles: 
    <security-constraint>
    <web-resource-collection>
	<web-resource-name>Resteasy</web-resource-name>
	<url-pattern>/PATH</url-pattern>
    </web-resource-collection>
    <auth-constraint>
	<role-name>ROLE_NAME</role-name>
	<role-name>ROLE_NAME</role-name>
    </auth-constraint>
</security-constraint>
Result

Role-based security has been enabled within the application, with a set of defined roles.

Example 16.14. Example Role-Based Security Configuration

<web-app>

    <context-param>
	<param-name>resteasy.role.based.security</param-name>
	<param-value>true</param-value>
    </context-param>

    <servlet-mapping>
	<servlet-name>Resteasy</servlet-name>
	<url-pattern>/*</url-pattern>
    </servlet-mapping>

    <security-constraint>
	<web-resource-collection>
	    <web-resource-name>Resteasy</web-resource-name>
	    <url-pattern>/security</url-pattern>
	</web-resource-collection>
	<auth-constraint>
	    <role-name>admin</role-name>
	    <role-name>user</role-name>
	</auth-constraint>
    </security-constraint>

    <security-role>
	<role-name>admin</role-name>
    </security-role>
    <security-role>
	<role-name>user</role-name>
    </security-role>
    
</web-app>
Report a bug
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.