Let's say I have some REST modules, a bunch of classes and endpoints.
In every case I want to check that the user accessing them is an admin. I don't really want to add the code to every method, e.g.:
if (!isAdmin) { return Response.status(403).build(); }
Has anyone used a request interceptor to handle this kind of security requirement? I looked at various blogs, e.g. http://anismiles.wordpress.com/2012/03/02/securing-versioning-and-auditing-rest-jax-rs-jersey-apis/, but it doesn't seem as simple as I think it should be.
Ideally I was hoping for an @AdminRequired annotation. Also, this is cross-product, so I can't use anything that only exists in, say, Jira.
To answer my own question, @ResourceFilters was what I was looking for.
> Anyone know how to find out what version of the rest-common plugin is in each product?
https://developer.atlassian.com/display/DOCS/REST+API+Plugin+Version+Matrix, but it's not up to date.
Maybe I will try to use this: https://bitbucket.org/atlassian/atlassian-rest/src/cc7f6aa16c340e5c7860b6fd6d611395396f0313/atlassian-rest-common/src/main/java/com/atlassian/plugins/rest/common/security/jersey/AdminOnlyResourceFilter.java?at=master - seems to be what I am looking for. Anyone know how to find out what version of the rest-common plugin is in each product?
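The @ResourceFilters approach named in the thread, sketched as an added example that is not part of the original posts and is not Atlassian's AdminOnlyResourceFilter. It uses the Jersey 1.x filter SPI; the class names, the /settings path and the "admin" role name are assumptions, and a real plugin would replace the role check with the product's own admin lookup.

```java
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;

import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
import com.sun.jersey.spi.container.ResourceFilters;

// Hypothetical resource: annotating the class covers every endpoint in it,
// so no method needs its own isAdmin check.
@Path("/settings")
@ResourceFilters(SettingsResource.AdminRequiredFilter.class)
public class SettingsResource {

    @GET
    public Response read() {
        // Only reached when the filter below let the request through.
        return Response.ok("settings").build();
    }

    // Hypothetical filter, nested here to keep the example in one file.
    public static class AdminRequiredFilter
            implements ResourceFilter, ContainerRequestFilter {

        // Assumption: the container maps administrators to this role name.
        private static final String ADMIN_ROLE = "admin";

        @Override
        public ContainerRequestFilter getRequestFilter() { return this; }

        @Override
        public ContainerResponseFilter getResponseFilter() { return null; }

        @Override
        public ContainerRequest filter(ContainerRequest request) {
            // Fail closed: anonymous callers get 401, non-admins get 403,
            // and the resource method is never invoked in either case.
            if (request.getUserPrincipal() == null) {
                throw new WebApplicationException(
                        Response.status(Response.Status.UNAUTHORIZED).build());
            }
            if (!request.isUserInRole(ADMIN_ROLE)) {
                throw new WebApplicationException(
                        Response.status(Response.Status.FORBIDDEN).build());
            }
            return request;
        }
    }
}
```

The annotation can also be placed on a single method when only some endpoints of a class are admin-only.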