Determine security information using SecurityContext objects
With Java API for RESTful Web Services (JAX-RS), you can use the SecurityContext object to access security information from the request context.
Using a SecurityContext object injected by the JAX-RS runtime environment, you can determine the security information of a Java EE container for a particular request. The procedure provides an example of returning the name of the user that made a request, if a user was logged in.
With a javax.ws.rs.core.SecurityContext object injected by the JAX-RS runtime environment, you can determine the security information of a Java EE container for a particular request. For example, you can determine if the request was made over a secure transport or if the current user is in a role designated by the Java EE application. You can also determine the principal information of the logged-in user and the authentication scheme used.
The security information is helpful for programmatically determining whether a request is valid and for logging secure requests, such as a request from a user who accessed an administrator page.
To learn about setting up security, see the information about securing JAX-RS applications.
Procedure
- If a resource method signature can be modified, add the @javax.ws.rs.core.Context javax.ws.rs.core.SecurityContext parameter to the method. When the resource method is invoked, the JAX-RS runtime environment passes an object that implements the SecurityContext interface; for example:

  ```java
  import java.security.Principal;
  import javax.ws.rs.GET;
  import javax.ws.rs.Path;
  import javax.ws.rs.Produces;
  import javax.ws.rs.core.Context;
  import javax.ws.rs.core.Response;
  import javax.ws.rs.core.SecurityContext;

  @Path("/contextexample")
  public class RootResource {
      @GET
      @Produces("text/plain")
      public Response getResource(@Context SecurityContext secContext) {
          StringBuilder sb = new StringBuilder();
          sb.append("Hello ");
          // Role membership as determined by the Java EE container
          if (secContext.isUserInRole("admin")) {
              sb.append("admin ");
          }
          // The principal is null when no user is logged in
          Principal p = secContext.getUserPrincipal();
          if (p != null) {
              sb.append(p.getName());
          }
          return Response.ok(sb.toString()).build();
      }
  }
  ```
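- If a resource method signature cannot be modified and the class is a root resource, add the @javax.ws.rs.core.Context javax.ws.rs.core.SecurityContext field. When the resource is instantiated for a request, an object that implements SecurityContext is injected; for example:

  ```java
  import java.security.Principal;
  import javax.ws.rs.GET;
  import javax.ws.rs.Path;
  import javax.ws.rs.Produces;
  import javax.ws.rs.core.Context;
  import javax.ws.rs.core.Response;
  import javax.ws.rs.core.SecurityContext;

  @Path("/contextexample")
  public class RootResource {
      // Injected by the JAX-RS runtime when the resource is instantiated
      @Context
      SecurityContext secContext;

      @GET
      @Produces("text/plain")
      public Response getResource() {
          StringBuilder sb = new StringBuilder();
          sb.append("Hello ");
          // Role membership as determined by the Java EE container
          if (secContext.isUserInRole("admin")) {
              sb.append("admin ");
          }
          // The principal is null when no user is logged in
          Principal p = secContext.getUserPrincipal();
          if (p != null) {
              sb.append(p.getName());
          }
          return Response.ok(sb.toString()).build();
      }
  }
  ```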
Results
You have used the javax.ws.rs.core.SecurityContext object to help provide security information from the Java EE container.
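The transport, role, principal, and authentication-scheme checks described above can be combined to validate and log a request for an administrator page. The following is an added example, not part of the original documentation; the class name AdminResource, the /adminexample path, and the logger name are hypothetical.

```java
import java.security.Principal;
import java.util.logging.Logger;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

// Hypothetical resource: path, class name, and logger name are illustrative.
@Path("/adminexample")
public class AdminResource {
    private static final Logger AUDIT = Logger.getLogger("audit.adminexample");

    @GET
    @Produces("text/plain")
    public Response getAdminPage(@Context SecurityContext secContext) {
        // getUserPrincipal() returns null for an unauthenticated request.
        Principal p = secContext.getUserPrincipal();
        String user = (p == null) ? "<anonymous>" : sanitize(p.getName());
        // getAuthenticationScheme() returns null when no authentication was done.
        String scheme = String.valueOf(secContext.getAuthenticationScheme());

        // Refuse to serve the administrator page over a non-secure transport.
        if (!secContext.isSecure()) {
            AUDIT.warning("denied reason=insecure-transport user=" + user);
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        // isUserInRole() is false for unauthenticated callers as well.
        if (p == null || !secContext.isUserInRole("admin")) {
            AUDIT.warning("denied reason=not-admin user=" + user
                    + " scheme=" + scheme);
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        AUDIT.info("granted user=" + user + " scheme=" + scheme);
        return Response.ok("Hello admin " + p.getName()).build();
    }

    // Replace CR/LF and other control characters so that a principal name
    // cannot inject forged entries into the audit log.
    private static String sanitize(String s) {
        return s.replaceAll("\\p{Cntrl}", "_");
    }
}
```

These programmatic checks complement the container's own security constraints; they do not replace the configuration described in the information about securing JAX-RS applications.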