SecurityContextContainerRequestFilter.java example

Explorer
Resteasy-master
package org.jboss.resteasy.test.security.resource;

import org.jboss.resteasy.util.HttpResponseCodes;

import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;
import java.io.IOException;

@Provider
@PreMatching
public class SecurityContextContainerRequestFilter implements ContainerRequestFilter {
    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        SecurityContext securityContext = requestContext.getSecurityContext();
        if (!securityContext.isUserInRole("admin")) {
            requestContext.abortWith(Response.status(HttpResponseCodes.SC_UNAUTHORIZED)
                    .entity("User ordinaryUser is not authorized, coming from filter").build());
        }
    }
}