RolesPermitted Support
Since Payara Server 4.1.2.182 and 5.182
The Payara API provides a @RolesPermitted annotation that creates an authorisation interceptor for use with CDI beans. It works largely the same way as the @RolesAllowed common annotation, which in Java EE is primarily used by EJB.
Usage
The authorisation interceptor is defined through the @RolesPermitted annotation. Specifying this on an interceptable method of a CDI bean makes that method eligible for interception by the roles permitted interceptor. The interceptor checks that the caller of the method is in any or all of the specified roles. If this holds, the call to the method proceeds. If not, an exception of type CallerAccessException is thrown.
The annotation can alternatively be placed at the class level of a CDI bean, in which case it will apply to all interceptable methods of that bean.
Example
Here’s an example that protects a single method:
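```java
import fish.payara.cdi.auth.roles.RolesPermitted;
import java.security.Principal;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;

@RequestScoped
public class TestRolesPermitted {

    @Inject
    Principal principal;

    // Only callers in the payaraAdmin role may invoke this method.
    @RolesPermitted({"payaraAdmin"})
    public String getUserName() {
        return principal.getName();
    }
}
```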
See this sample project for a more detailed example.
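The class-level placement and the CallerAccessException described under Usage, shown together as an added example that is not part of the original page or the Payara sample project. It assumes an existing JAX-RS application on the javax namespace; ReportService, ReportResource, CallerAccessExceptionMapper and the auditor role are hypothetical names, and each class goes in its own file.

```java
// --- ReportService.java (hypothetical bean) ---
import fish.payara.cdi.auth.roles.RolesPermitted;
import javax.enterprise.context.RequestScoped;

// Class-level placement: every interceptable method of the bean is guarded.
@RequestScoped
@RolesPermitted({"payaraAdmin", "auditor"}) // "auditor" is an assumed role name
public class ReportService {
    public String summary() { return "summary"; }
    public String details() { return "details"; }
}

// --- ReportResource.java (hypothetical JAX-RS caller) ---
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.ws.rs.GET;
import javax.ws.rs.Path;

@Path("reports")
@RequestScoped
public class ReportResource {
    @Inject
    ReportService reports; // injected reference, so calls pass through the interceptor

    @GET
    @Path("summary")
    public String summary() {
        return reports.summary(); // throws CallerAccessException if the role check fails
    }
}

// --- CallerAccessExceptionMapper.java (hypothetical mapper) ---
import fish.payara.cdi.auth.roles.CallerAccessException;
import java.util.logging.Logger;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

// Turns the interceptor's exception into 403 instead of an unhandled server error.
@Provider
public class CallerAccessExceptionMapper implements ExceptionMapper<CallerAccessException> {
    private static final Logger LOG = Logger.getLogger(CallerAccessExceptionMapper.class.getName());

    @Override
    public Response toResponse(CallerAccessException e) {
        LOG.warning("Denied by @RolesPermitted: " + e.getMessage()); // audit trail for denials
        return Response.status(Response.Status.FORBIDDEN).build();   // no detail leaked to the client
    }
}
```

Without a mapper, the exception reaches the JAX-RS runtime unhandled and the client sees a server error rather than an authorisation failure.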
Configuration
The @RolesPermitted annotation has several configuration options. They are detailed below.
| Option | Required | Description | Requirements |
|---|---|---|---|
| | true | The roles which are allowed to access this method. | - |
| | no | Whether accessing caller must be in any one of the given roles ( | - |
Extra Resources
See @RolesAllowed for the original annotation on which this annotation is based.