15.6. JAX-RS Web Service Security
RESTEasy supports the @RolesAllowed, @PermitAll, and @DenyAll annotations on JAX-RS methods. However, it does not recognize these annotations by default. Follow these steps to configure the web.xml file and enable role-based security.
Warning
- resteasy.document.expand.entity.references
- resteasy.document.secure.processing.feature
- resteasy.document.secure.disableDTDs
Warning
Procedure 15.1. Enable Role-Based Security for a RESTEasy JAX-RS Web Service
- Open the web.xml file for the application in a text editor.
- Add the following <context-param> to the file, within the web-app tags:
    <context-param>
        <param-name>resteasy.role.based.security</param-name>
        <param-value>true</param-value>
    </context-param>
- Declare all roles used within the RESTEasy JAX-RS WAR file, using the <security-role> tags.
- Authorize access to all URLs handled by the JAX-RS runtime for all roles.
Role-based security has been enabled within the application, with a set of defined roles.
Example 15.1. Example Role-Based Security Configuration
15.6.2. Secure a JAX-RS Web Service using Annotations
This topic covers the steps to secure a JAX-RS web service using the supported security annotations.
Procedure 15.2. Secure a JAX-RS Web Service using Supported Security Annotations
- Enable role-based security. For more information, refer to Section 15.6.1, “Enable Role-Based Security for a RESTEasy JAX-RS Web Service”.
- Add security annotations to the JAX-RS web service. RESTEasy supports the following annotations:
  - @RolesAllowed: Defines which roles can access the method. All roles should be defined in the web.xml file.
  - @PermitAll: Allows all roles defined in the web.xml file to access the method.
  - @DenyAll: Denies all access to the method.