package com.example.helloworld.resources;

import com.example.helloworld.core.User;
import io.dropwizard.auth.Auth;

import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;

/**
 * Example resource showing class-level authorization annotations.
 *
 * <p>The class-level {@link RolesAllowed} value ({@code BASIC_GUY}) is the default
 * for every endpoint under {@code /protected}. An endpoint that carries its own
 * {@link RolesAllowed} or {@link PermitAll} annotation is governed by that
 * method-level annotation instead.
 *
 * <p>NOTE(review): the annotations only declare intent. Enforcement depends on an
 * authentication filter and Jersey's {@code RolesAllowedDynamicFeature} being
 * registered at application start-up, and on how the application's authorizer maps
 * a principal to the role names used here. None of that is visible in this file,
 * so confirm it in the application class.
 */
@Path("/protected")
@RolesAllowed("BASIC_GUY")
public final class ProtectedClassResource {

    /**
     * Endpoint at {@code /protected/guest}; the method-level {@link PermitAll}
     * replaces the class-level role requirement.
     *
     * <p>NOTE(review): with a non-optional {@code @Auth} parameter the caller is
     * presumably still required to authenticate, so "permit all" would mean "any
     * authenticated user", not anonymous access. Confirm against the registered
     * auth filter.
     *
     * @param user the authenticated principal injected by the auth filter
     * @return a greeting containing the principal's name and id
     */
    @GET
    @PermitAll
    @Path("guest")
    public String showSecret(@Auth User user) {
        return greet("Hey there, %s. You know the secret! %d", user);
    }

    /**
     * Endpoint at {@code /protected}; it has no authorization annotation of its
     * own, so the class-level {@code @RolesAllowed("BASIC_GUY")} applies.
     *
     * @param context the request's security context, from which the principal is read
     * @return a greeting containing the principal's name and id
     */
    @GET
    public String showBasicUserSecret(@Context SecurityContext context) {
        // Unchecked cast: relies on the auth filter having stored a User as the
        // principal. A different principal type would raise ClassCastException here.
        final User principal = (User) context.getUserPrincipal();
        return greet("Hey there, %s. You seem to be a basic user. %d", principal);
    }

    /**
     * Endpoint at {@code /protected/admin}; the method-level
     * {@code @RolesAllowed("ADMIN")} replaces the class-level role requirement.
     *
     * @param user the authenticated principal injected by the auth filter
     * @return a greeting containing the principal's name and id
     */
    @GET
    @RolesAllowed("ADMIN")
    @Path("admin")
    public String showAdminSecret(@Auth User user) {
        return greet("Hey there, %s. It looks like you are an admin. %d", user);
    }

    /**
     * Formats a greeting for the given principal.
     *
     * @param template format string with one {@code %s} (name) and one {@code %d} (id)
     * @param user the principal whose name and id are substituted
     * @return the formatted greeting
     */
    private static String greet(String template, User user) {
        return String.format(template, user.getName(), user.getId());
    }
}