Jersey SecurityEntityFilteringFeature in dropwizard?

[Patrick von der Hagen]

Hi,

I have several roles accessing my REST-services, lets say BASIC and MANAGER. MANAGER can see more attributes than BASIC.

If I had different resources for BASIC and MANAGER, I'd solve this by using the JsonView-annotation in jackson. But since it is the same resource, I would have to set the JsonView dynamically depending on the user-role.

I would prefer to use the SecurityEntityFilteringFeature found in jersey, but due to the dropwizard "encapusaltion" of jersey, following jersey documentation doesn't work, the filtering is not applied.

So far I found this sample https://gist.github.com/oillio/1c1845059caf47527f94202bf14b2dca , which is a little bit dated. It is concerned about EntityFiltering, but should provide a blueprint for SecurityEntityFiltering as well.

Is it still the best option? Is there any other way that I'm currently missing? I suppose it can't be such a rare problem and I'm probably just missing the forest for the trees...

Best regards
Patrick