I'm using JAX-RS on Glassfish to implement a set of resources, which can be accessed only by specific users.
Consider two users, userA and userB, both registered in my website.
http://{localhost}/service/user/A; http://{localhost}/service/user/B;Then Glassfish's default security implementation was configured as:
/services/user/*
So when logged in, both userA and userB can access to /service/user/A and /service/user/B.
Now the question, Is it possible that
/services/user/A, but not /services/user/B
and at the same time
/services/user/B, but not/services/user/A`I think I must have missed something, because this is a common need I believe. Can anyone help?
That is something that you have to implement at the application level. The application server has no way to know about your security policy, which could be quite sophisticated. You could do it yourself (adding logic in User resource), and that might be the right approach if your security policy is simple. Otherwise, you should look at Spring Security, which can be integrated with JAX-RS. That will give you a lot of flexibility.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With