The authorization process verifies whether the client who has requested or initiated an action has the right to do so. In this section, we will see how to use the JAX-RS APIs for authorizing incoming REST API calls from various clients.
We started off this chapter by discussing how an application authenticates a user who is trying to access a secured resource. When a client accesses a secured resource, the server identifies and validates the requester, and on successful authentication, the requester is allowed to get inside the application. During this process, the underlying security framework generates a javax.ws.rs.core.SecurityContext
object that holds security related information pertaining to the requester. The JAX-RS framework allows you to access the SecurityContext
object in the code in order to perform security checks in the code.
Some of the frequently used methods exposed...