Win a copy of Machine Learning with R: Expert techniques for predictive modeling this week in the Artificial Intelligence and Machine Learning forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Junilu Lacar
  • Jeanne Boyarsky
  • Bear Bibeault
  • Knute Snortum
  • Tim Cooke
  • Devaka Cooray
Saloon Keepers:
  • Ron McLeod
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
  • Piet Souris
  • Frits Walraven
  • Ganesh Patekar

role based security in jax-rs

Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Do we need to declare a jax-rs resource class as EJB to have the role based security???

I was going through the question from enthuware and encountered the following question:

There is a RESTful Web Service that adds two numbers. We want to secure this Web Service in order to only allow users in the role "student". What is the correct JAX-RS root resource class to implement this requirement? Assume that there is a security constraint in the web deployment descriptor that allows "student" and "teacher" to access the URL.

and the correct answer for this was:

public class AdditionService extends Application {   
public String addp(@PathParam("num1") int num, @PathParam("num2") int num2){       
return "" + (num+num2);    }

the option that i selected was wrong and it showed explanation: "Note that the root resource class is not an EJB, therefore role-based security does not work".

i tried to search through internet to find if it is necessary to have declared it as ejb but couldn't find anything concrete. Please anyone verify this or provide some link for this.

Posts: 989
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Some JAX-RS providers may provide that by default on non EJBs but some may not. In RestEasy for example, if the resource is not an EJB then you need to explicitly activate the feature as per the documentation
Creator of Enthuware JWS+ V6
Posts: 3295
Android Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I agree with E Armitage, some providers have implemented it as a feature on their application servers however these applications are not portable.

The real answer to your question lies in the specifications of JAX-RS. For the WSD6 exam you need to know that it is based on JAX-RS v1.1. and there is no requirement about role based security at all.

By the way: when you have a question about the Enthuware questions you can hit the discuss buton from the ETS-viewer and you will be directed to the Enthuware forums. You will probably get a answer sooner.
Evacuate the building! Here, take this tiny ad with you:
Java file APIs (DOC, XLS, PDF, and many more)
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!