39 lines
1.7 KiB
Plaintext
39 lines
1.7 KiB
Plaintext
[[howto.jersey]]
|
|
== Jersey
|
|
|
|
|
|
|
|
[[howto.jersey.spring-security]]
|
|
=== Secure Jersey endpoints with Spring Security
|
|
Spring Security can be used to secure a Jersey-based web application in much the same way as it can be used to secure a Spring MVC-based web application.
|
|
However, if you want to use Spring Security's method-level security with Jersey, you must configure Jersey to use `setStatus(int)` rather `sendError(int)`.
|
|
This prevents Jersey from committing the response before Spring Security has had an opportunity to report an authentication or authorization failure to the client.
|
|
|
|
The `jersey.config.server.response.setStatusOverSendError` property must be set to `true` on the application's `ResourceConfig` bean, as shown in the following example:
|
|
|
|
[source,java,indent=0]
|
|
----
|
|
include::{docs-java}/howto/jersey/springsecurity/JerseySetStatusOverSendErrorConfig.java[tag=*]
|
|
----
|
|
|
|
|
|
|
|
[[howto.jersey.alongside-another-web-framework]]
|
|
=== Use Jersey Alongside Another Web Framework
|
|
To use Jersey alongside another web framework, such as Spring MVC, it should be configured so that it will allow the other framework to handle requests that it cannot handle.
|
|
First, configure Jersey to use a Filter rather than a Servlet by configuring the configprop:spring.jersey.type[] application property with a value of `filter`.
|
|
Second, configure your `ResourceConfig` to forward requests that would have resulted in a 404, as shown in the following example.
|
|
|
|
[source,java,pending-extract=true,indent=0,subs="verbatim,quotes,attributes"]
|
|
----
|
|
@Component
|
|
public class JerseyConfig extends ResourceConfig {
|
|
|
|
public JerseyConfig() {
|
|
register(Endpoint.class);
|
|
property(ServletProperties.FILTER_FORWARD_ON_404, true);
|
|
}
|
|
|
|
}
|
|
----
|