Hi,
I need to secure my WS with object-level security: all users have to be authenticated by the web server (Tomcat). RESTEasy easily checks whether the role (e.g. user) exists for the user. But then I also need to check that the Account object is associated with the "logged-on user". I have used something like the following. Does anyone have an idea of the best way to implement this (maybe with interceptors)?
Thanks,
Assaf
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

@GET
@Path("{id}")
@Produces("text/xml")
@RolesAllowed("user")
public Account getAccount(@Context SecurityContext security, @PathParam("id") int id) {
    // get the account object (findAccount is a placeholder for your own lookup)
    Account account = findAccount(id);
    if (account == null) {
        throw new WebApplicationException(Response.Status.NOT_FOUND);
    }
    // now manually call a function to check if the account belongs to this user
    if (!account.isAccessible(security)) {
        // it does not, so refuse the request with 403 Forbidden
        throw new WebApplicationException(Response.Status.FORBIDDEN);
    }
    return account;
}
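One way to move the ownership check out of every resource method, as an added example that is not part of the original post: a JAX-RS 2.0 name-bound ContainerRequestFilter that runs at authorization priority and aborts the request unless the {id} in the path belongs to the authenticated principal. It assumes JAX-RS 2.0 (newer than the RESTEasy version the post may be using), a hypothetical AccountLookup that maps an account id to its owner's username, and that the filter is registered as a singleton so the lookup can be passed to its constructor.

```java
import java.io.IOException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.security.Principal;
import javax.annotation.Priority;
import javax.ws.rs.NameBinding;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

// Marker annotation: put it on resource methods whose {id} must belong to the caller,
// e.g. on getAccount above, next to @RolesAllowed("user").
@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@interface OwnedAccount {}

@Provider
@OwnedAccount
@Priority(Priorities.AUTHORIZATION) // after container authentication, before the resource method
public class AccountOwnershipFilter implements ContainerRequestFilter {
    // Hypothetical lookup; back it with your DAO. Returns null when no such account exists.
    public interface AccountLookup { String ownerOf(int accountId); }

    private final AccountLookup accounts;

    public AccountOwnershipFilter(AccountLookup accounts) { this.accounts = accounts; }

    @Override
    public void filter(ContainerRequestContext ctx) throws IOException {
        Principal user = ctx.getSecurityContext().getUserPrincipal();
        if (user == null) { // container auth did not run for this path: fail closed
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }
        String rawId = ctx.getUriInfo().getPathParameters().getFirst("id");
        int id;
        try {
            id = Integer.parseInt(rawId);
        } catch (NumberFormatException e) {
            ctx.abortWith(Response.status(Response.Status.BAD_REQUEST).build());
            return;
        }
        String owner = accounts.ownerOf(id);
        // Answer "not yours" the same way as "does not exist" so ids cannot be enumerated.
        if (owner == null || !owner.equals(user.getName())) {
            ctx.abortWith(Response.status(Response.Status.NOT_FOUND).build());
        }
    }
}
```

Because the filter decides on the path parameter alone, the resource method can still keep its own isAccessible check as defence in depth; the filter only removes the need to remember it on every method.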