WAS v8.5 > End-to-end paths > Web services - RESTful services > Use JAX-RS context objects to obtain more information about requests > Step 4. Add context fields and parameters to obtain information about requests.Determine security information using SecurityContext objects
Using Java API for RESTful Web Services (JAX-RS), we can use the SecurityContext object to access security information from the request context. Using an injected SecurityContext object with the JAX-RS runtime environment, we can determine the security information of a Java EE container for a particular request. The procedure provides an example of returning the name of the user that made a request, if a user was logged in.
By using an injected javax.ws.rs.core.SecurityContext object by the JAX-RS runtime environment, we can determine the security information of a Java EE container for a particular request. For example, we can determine if the request was made over a secure transport or if the current user is in a role designated by the Java EE application. We can also determine the principal information of the logged-in user and the authentication scheme used.
The security information is helpful to determine whether the request is valid programmatically and to log secure requests, such as a request from a user who accessed an administrator page. To learn about setting up security, see the information about securing JAX-RS applications.
- If a resource method signature can be modified, add the @javax.ws.rs.core.Context javax.ws.rs.core.SecurityContext parameter to the method. When the resource method is invoked, the JAX-RS runtime environment passes an object that implements the SecurityContext object; for example:
@Path("/contextexample") public class RootResource { @GET @Produces("text/plain") public Response getResource(@Context SecurityContext secContext) { StringBuilder sb = new StringBuilder(); sb.append("Hello "); if(secContext.isUserInRole("admin")) { sb.append("admin "); } Principal p = secContext.getUserPrincipal(); if(p != null) { sb.append(p.getName()); } return Response.ok(sb.toString()).build(); }}- If a resource method signature cannot be modified and the class is a root resource, add the @javax.ws.rs.core.Context javax.ws.rs.core.SecurityContext field. When the resource is instantiated for a request, an object that implements SecurityContext is injected; for example:
@Path("/contextexample") public class RootResource { @Context SecurityContext secContext; @GET @Produces("text/plain") public Response getResource() { StringBuilder sb = new StringBuilder(); sb.append("Hello "); if(secContext.isUserInRole("admin")) { sb.append("admin "); } Principal p = secContext.getUserPrincipal(); if(p != null) { sb.append(p.getName()); } return Response.ok(sb.toString()).build(); }}
Results
You have used the javax.ws.rs.core.SecurityContext object to help provide security information from the Java EE container.
Related
Use JAX-RS context objects to obtain more information about requests
Obtain HTTP headers using HttpHeaders objects
Obtain information about URIs using UriInfo objects
Evaluate request preconditions using Request objects
Implement secure JAX-RS applications