Different user roles with @Auth

[Fredrik Hörte]

Is there any native support for having different user roles when using @Auth.

E.g. if I have BETA_USER, REGULAR_USER, ADMIN_USER and I want different methods to be accessible for different Users depending on their role. Have anybody an example for such implementation using dw?

Something like bellow (though I know @Auth doesn't take "roles" as bellow) but looking for smth similar.

public List<User> getUsers(@Auth(roles="ADMIN, REGULAR, BETA") User user, @QueryParam("limit") @DefaultValue("20") int limit, @QueryParam("offset") @DefaultValue("0") int offset) {
        return userDAO.findAll(limit, offset);
    }


thanks!

[Elias Torres]

Hi Fredrik!

Sorry for the late reply, but I just joined the mailing list and had a similar question to yours. I think you should read Coda's article on Injection Providers so you can build your own.

http://codahale.com/what-makes-jersey-interesting-injection-providers/

I was playing around with it and was able to create a @TokenAuth class that leveraged the BasicAuthInjectable class from DW but also provided support for access levels as in @TokenAuth(access=ROOT) or @TokenAuth(access=READ_ONLY) ...

Coda, 

Thanks for dw! It makes developing web services in java a breeze as in flask/rails but with all of java's advantages over python/ruby. I'm looking forward to seeing 0.6+ in action.

-Elias 

[Gary Rowe]

If you want to save yourself the hassle, there is an implementation of an @RestrictedTo annotation which allows you to authenticate against a list of authorities taken from an enum. The resulting code looks like this:

@POST

  @Timed

  @Path("/user")

  public Response create(

    @RestrictedTo({Authority.ROLE_ADMIN})

    User adminUser,

    AdminCreateUserRequest createUserRequest) {

...}

You can find the source, and supporting providers etc here: https://github.com/gary-rowe/MultiBitMerchant/blob/develop/common/mbm-client/src/main/java/org/multibit/mbm/auth/annotation/RestrictedTo.java