HowToDoInJava

  • Java 8
  • Regex
  • Concurrency
  • Best Practices
  • Spring Boot
  • JUnit5
  • Interview Questions

RESTEasy ContainerRequestFilter – RESTEasy security filter example

By Lokesh Gupta | Filed Under: RESTEasy

Learn to use RESTEasy ContainerRequestFilter to create security filter which is able to to perform authentication and authorization on RESTEasy based web applications.

1. RESTEasy ContainerRequestFilter and ContainerReponseFilter

The new RESTEasy version 3.0.2 final has been recently released and is made compatible with JAX-RS 2.0. If you remember that previous JAX-RS releases had no specification regarding implementing filters and interceptors. That’s why all JAX-RS implementations had their own flavors. RESTEasy had PreProcessorInterceptor and PostProcessorInterceptor which are deprecated now.

Now JAX-RS has it’s own specification around filters and interceptors. You can read a detailed discussion by this post by Bill Burke.

In resteasy, Filters are run before and after the resource method is invoked. These filters are essentially, ContainerRequestFilter and ContainerReponseFilter. ContainerRequestFilters run before your JAX-RS resource method is invoked. ContainerResponseFilters run after your JAX-RS resource method is invoked. As an added caveat, ContainerRequestFilters come in two flavors: pre-match and post-matching. Pre-matching ContainerRequestFilters are designated with the @PreMatching annotation and will execute before the JAX-RS resource method is matched with the incoming HTTP request. Post matching ContainerRequestFilters execute after the Java resource method has been matched.

While filters modify request or response headers, interceptors deal with message bodies. They can be used to implement a specific content-encoding. They can be used to generate digital signatures or to post or pre-process a Java object model before or after it is marshalled.

2. RESTEasy ContainerRequestFilter Example

In this post, I am modifying the resteasy authentication and authorization tutorial which was originally written in RESTEasy “2.3.1.GA” using PreProcessorInterceptor. I have updated it to RESTEasy version “3.0.2.Final” which is build on JAX-RS 2.0 specification.

2.1. Update maven dependencies

As I am using maven, I have updated the pom.xml file as below. If you are using ant or jar file, then update the required jars accordingly.

<dependencies>
 <!-- core library -->
 <dependency>
	<groupId>org.jboss.resteasy</groupId>
	 <artifactId>resteasy-jaxrs</artifactId>
	<version>3.0.2.Final</version>
 </dependency>
<!-- JAXB support -->
<dependency>
  <groupId>org.jboss.resteasy</groupId>
	<artifactId>resteasy-jaxb-provider</artifactId>
  <version>3.0.2.Final</version>
</dependency>
<dependency>
	<groupId>org.jboss.resteasy</groupId>
	<artifactId>jaxrs-api</artifactId>
	<version>3.0.2.Final</version>
</dependency>
<dependency>
	<groupId>net.sf.scannotation</groupId>
	<artifactId>scannotation</artifactId>
	<version>1.0.3</version>
</dependency>
</dependencies>

2.2. RESTEasy SecurityInterceptor

As JAX-RS 2.0 has filters for pre and post request handling, we will be using ContainerRequestFilter interface. Remember PreProcessorInterceptor is deprecated now.

@Provider
public class SecurityInterceptor implements javax.ws.rs.container.ContainerRequestFilter
{
    @Override
	public void filter(ContainerRequestContext requestContext)
	{
		//More code...
	}
}

Now, first we have to access the resource method to check the security constraints and attributes it define.

	ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) 
				requestContext.getProperty("org.jboss.resteasy.core.ResourceMethodInvoker");
	Method method = methodInvoker.getMethod();

Now we have the access to resource method. Now everything will be same as we were doing it previously. i.e.

  • Check PermitAll annotation, if it is present then no need to check anything further
  • Check DenyAll annotation, if it is present then return with access-denied
  • Check RolesAllowed annotation, and fetch the roles required from annotation. Get authorization information from request and match it as per application logic. If authorization is successful, give the access otherwise return access-denied.

2.3. RESTEasy SecurityInterceptor sourcecode

Complete code for SecurityInterceptor is as follow.

package com.howtodoinjava.demo.rest.security;

import java.io.IOException;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;

import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.Provider;

import org.jboss.resteasy.core.Headers;
import org.jboss.resteasy.core.ResourceMethodInvoker;
import org.jboss.resteasy.core.ServerResponse;
import org.jboss.resteasy.util.Base64;

/**
 * This interceptor verify the access permissions for a user 
 * based on username and passowrd provided in request
 * */
@Provider
public class SecurityInterceptor implements javax.ws.rs.container.ContainerRequestFilter
{
	private static final String AUTHORIZATION_PROPERTY = "Authorization";
	private static final String AUTHENTICATION_SCHEME = "Basic";
	private static final ServerResponse ACCESS_DENIED = new ServerResponse("Access denied for this resource", 401, new Headers<Object>());;
	private static final ServerResponse ACCESS_FORBIDDEN = new ServerResponse("Nobody can access this resource", 403, new Headers<Object>());;
	private static final ServerResponse SERVER_ERROR = new ServerResponse("INTERNAL SERVER ERROR", 500, new Headers<Object>());;
	
	@Override
	public void filter(ContainerRequestContext requestContext)
	{
		ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) requestContext.getProperty("org.jboss.resteasy.core.ResourceMethodInvoker");
		Method method = methodInvoker.getMethod();
		//Access allowed for all 
		if( ! method.isAnnotationPresent(PermitAll.class))
		{
			//Access denied for all 
			if(method.isAnnotationPresent(DenyAll.class))
			{
				requestContext.abortWith(ACCESS_FORBIDDEN);
				return;
			}
			
			//Get request headers
			final MultivaluedMap<String, String> headers = requestContext.getHeaders();
			
			//Fetch authorization header
		    final List<String> authorization = headers.get(AUTHORIZATION_PROPERTY);
		    
		    //If no authorization information present; block access
		    if(authorization == null || authorization.isEmpty())
		    {
		    	requestContext.abortWith(ACCESS_DENIED);
		    	return;
		    }
		    
		    //Get encoded username and password
		    final String encodedUserPassword = authorization.get(0).replaceFirst(AUTHENTICATION_SCHEME + " ", "");
		    
		    //Decode username and password
		    String usernameAndPassword = null;
			try {
				usernameAndPassword = new String(Base64.decode(encodedUserPassword));
			} catch (IOException e) {
				requestContext.abortWith(SERVER_ERROR);
				return;
			}

			//Split username and password tokens
		    final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
		    final String username = tokenizer.nextToken();
		    final String password = tokenizer.nextToken();
		    
		    //Verifying Username and password
		    System.out.println(username);
		    System.out.println(password);
			
		    //Verify user access
			if(method.isAnnotationPresent(RolesAllowed.class))
			{
				RolesAllowed rolesAnnotation = method.getAnnotation(RolesAllowed.class);
				Set<String> rolesSet = new HashSet<String>(Arrays.asList(rolesAnnotation.value()));
				
				//Is user valid?
				if( ! isUserAllowed(username, password, rolesSet))
				{
					requestContext.abortWith(ACCESS_DENIED);
					return;
				}
			}
		}
	}
	private boolean isUserAllowed(final String username, final String password,	final Set<String> rolesSet) 
	{
		boolean isAllowed = false;
		
		//Step 1. Fetch password from database and match with password in argument
		//If both match then get the defined role for user from database and continue; else return isAllowed [false]
		//Access the database and do this part yourself
		//String userRole = userMgr.getUserRole(username);
		String userRole = "ADMIN";
		
		//Step 2. Verify user role
		if(rolesSet.contains(userRole))
		{
			isAllowed = true;
		}
		return isAllowed;
	}
	
}

2.4. RESTEasy security filter demo

To test the security code, deploy the web application in any application server like Tomcat. Now, send following requests:

  • HTTP GET http://localhost:8080/RESTEasyEtagDemo/user-service/users/1 without username and password

    User is able to access the API successfully.

    resteasy authorization test get api

  • HTTP PUT http://localhost:8080/RESTEasyEtagDemo/user-service/users/1 without username and password

    User is not able to access the API.

    resteasy authorization test get api

  • Add basic authorization credentials

    Add basic authorization credentials

  • HTTP PUT http://localhost:8080/RESTEasyEtagDemo/user-service/users/1 with username and password added

    User is able to access protected API

    resteasy authorization test put api 2

That’s all in resteasy security interceptor example. If you have any query or suggestion, drop me a comment.


Download Sourcecode for Jboss

Update: Below are the steps to run this project in tomcat 7.

Today, I again worked on this project to run on tomcat 7. To run successfully, I did following steps:

– Import the project in eclipse
– Run Prompt > mvn eclipse:eclipse -Dwtpversion=2.0 in project root folder [Reference]
– Update the @Produces and @Consumes annotations on methods
– Start the tomcat server and test the application. You will get desired results.

Download sourcecode for Tomcat 7

Happy Learning !!

About Lokesh Gupta

Founded HowToDoInJava.com in late 2012. I love computers, programming and solving problems everyday. A family guy with fun loving nature. You can find me on Facebook, Twitter and Google Plus.

Feedback, Discussion and Comments

  1. alex

    December 8, 2018

    for Tomcat 9.08 , servlet api 4 , java 1.8

    web.xml

     
    
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
             version="3.1">
    
      <display-name>Archetype Created Web Application</display-name>
    
        <context-param>
            <param-name>resteasy.providers</param-name>
            <param-value>com.howtodoinjava.demo.rest.security.SecurityInterceptor</param-value>
        </context-param>
    
     <context-param>
            <param-name>resteasy.resources</param-name>
            <param-value>com.howtodoinjava.demo.rest.service.UserService</param-value>
        </context-param>
    
    
        <servlet>
            <servlet-name>resteasy-servlet</servlet-name>
            <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
        </servlet>
    
        <servlet-mapping>
            <servlet-name>resteasy-servlet</servlet-name>
            <url-pattern>/*</url-pattern>
        </servlet-mapping>
    </web-app>
    
    

    pom.xml

     
    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
             http://maven.apache.org/xsd/maven-4.0.0.xsd">
    
        <modelVersion>4.0.0</modelVersion>
        <groupId>com.howtodoinjava.app</groupId>
        <artifactId>RESTEasyEtagDemo</artifactId>
        <packaging>war</packaging>
    
        <version>1.0-SNAPSHOT</version>
        <name>RESTEasyEtagDemo Maven Webapp</name>
        <url>http://maven.apache.org</url>
    
        <repositories>
            <repository>
                <id>jboss</id>
                <url>d:\!_apache-mvn-local-repo\</url>
            </repository>
        </repositories>
    
    
        <properties>
            <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    
            <servlets.version>4.0.1</servlets.version>
    
        </properties>
    
        <dependencies>
    
            <dependency>
                <groupId>org.jboss.resteasy</groupId>
                <artifactId>resteasy-jaxrs</artifactId>
                <version>3.6.2.Final</version>
            </dependency>
            <dependency>
                <groupId>org.jboss.resteasy</groupId>
                <artifactId>resteasy-jaxb-provider</artifactId>
                <version>3.6.2.Final</version>
            </dependency>
    
            <dependency>
                <groupId>org.jboss.resteasy</groupId>
                <artifactId>resteasy-client</artifactId>
                <version>3.6.2.Final</version>
            </dependency>
    
            <dependency>
                <groupId>org.jboss.resteasy</groupId>
                <artifactId>resteasy-servlet-initializer</artifactId>
                <version>3.6.2.Final</version>
            </dependency>
    
    
            <dependency>
                <groupId>javax.servlet</groupId>
                <artifactId>javax.servlet-api</artifactId>
                <version>${servlets.version}</version>
                <scope>provided</scope>
            </dependency>
    
        </dependencies>
    
        <build>
            <plugins>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-compiler-plugin</artifactId>
                    <version>3.1</version>
                    <configuration>
                        <source>1.8</source>
                        <target>1.8</target>
                    </configuration>
                </plugin>
            </plugins>
        </build>
    </project>
    

    Create an annotation

     
    package com.howtodoinjava.demo.rest.orm;
    
    import javax.ws.rs.NameBinding;
    import java.lang.annotation.Retention;
    import java.lang.annotation.Target;
    
    import static java.lang.annotation.ElementType.METHOD;
    import static java.lang.annotation.ElementType.TYPE;
    import static java.lang.annotation.RetentionPolicy.RUNTIME;
    
    @NameBinding
    @Retention( RUNTIME )
    @Target( {TYPE, METHOD} )
    public @interface Secured {
    
    }
    

    Put the annotation on the SecurityInterceptor, and resource methods

    Reply
    • Lokesh Gupta

      December 10, 2018

      Thanks for sharing !!

      Reply
  2. Ravish

    June 16, 2017

    example not running in WildFly10:

    2017-06-16 15:30:39 IST,013 WARN  [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1) RESTEASY002155: Provider class org.jboss.resteasy.plugins.interceptors.encoding.GZIPEncodingInterceptor is already registered.  2nd registration is being ignored.
    2017-06-16 15:30:39 IST,013 WARN  [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1) RESTEASY002155: Provider class org.jboss.resteasy.plugins.interceptors.encoding.GZIPDecodingInterceptor is already registered.  2nd registration is being ignored.
    2017-06-16 15:30:39 IST,076 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /RESTEasyEtagDemo/user-service/users/1: java.lang.RuntimeException: RESTEASY003190: Could not find constructor for class: org.jboss.resteasy.core.AsynchronousDispatcher
    	at org.jboss.resteasy.spi.metadata.ResourceBuilder.constructor(ResourceBuilder.java:692)
    	at org.jboss.resteasy.plugins.server.resourcefactory.POJOResourceFactory.registered(POJOResourceFactory.java:42)
    	at org.jboss.resteasy.core.ResourceMethodRegistry.addResourceFactory(ResourceMethodRegistry.java:208)
    	at org.jboss.resteasy.core.ResourceMethodRegistry.addResourceFactory(ResourceMethodRegistry.java:194)
    	at org.jboss.resteasy.core.ResourceMethodRegistry.addResourceFactory(ResourceMethodRegistry.java:180)
    	at org.jboss.resteasy.core.ResourceMethodRegistry.addResourceFactory(ResourceMethodRegistry.java:157)
    	at org.jboss.resteasy.core.ResourceMethodRegistry.addPerRequestResource(ResourceMethodRegistry.java:76)
    	at org.jboss.resteasy.spi.ResteasyDeployment.registration(ResteasyDeployment.java:409)
    	at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:250)
    	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:113)
    	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
    	at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
    	at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
    	at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
    	at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:250)
    	at io.undertow.servlet.core.ManagedServlet.getServlet(ManagedServlet.java:171)
    Reply
  3. Mike

    June 2, 2017

    Do I have to provide User and Password for every request? is there any solution for session token? is it any problem versus session token? is this way better ? how do I provide the user and password like in your example?

    Thanks for your help

    Reply
  4. jitendra

    May 28, 2017

    when i run this application SecurityInterceptor class is not called . After some change this class invoked inceptor called but

    ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) requestContext.getProperty("org.jboss.resteasy.core.ResourceMethodInvoker");
    		Method method = methodInvoker.getMethod();

    on this line methodInvoker.getMethod(); throw nullpointer exception.

    Can you please help me

    Reply
  5. VaNTa

    March 3, 2017

    Any idea how can I get a full path of request (or have access to HttpRequest or ResourceMethod) without reflection hacks?

    Reply
  6. John

    October 20, 2016

    Hi,

    My Interceptor implementation is not being invoked. I have done a similar implementation.

    ~John

    Reply
  7. OULD

    July 11, 2016

    Hi,
    grate job, thanks.
    i used jersey and spring integration.
    When i called the annotated method without header i obtained the error message. but if i recall it for the new time i have a response with Status(200) and empty body !!!

    Do you have an idea ?

    Thanks

    Reply
  8. Mohan

    February 11, 2016

    @Autowired for Dao class is not working in filter implementation class. Everything else is working fine. I am using Dao class to get user information & roles from DB. So if i try to @Autowired that Dao in @Provider filter class, it is returning null. Can you help me?

    Reply
    • Lokesh Gupta

      February 11, 2016

      Use this information: http://docs.jboss.org/resteasy/ /docs/2.2.1.GA/ userguide/html/ RESTEasy_Spring_Integration.html

      Reply
      • Mohan

        February 11, 2016

        Yes i have implemented the same what is there in the above. I got DAO injected in my Resource class. I am seeing issue only in Filter implementation class.

        Thanks,
        Mohan

        Reply
  9. Ranu

    July 12, 2015

    if( ! isUserAllowed(username, password, rolesSet))
                    {
                        requestContext.abortWith(ACCESS_DENIED);
                        return;
                    }

    throws below exception. Any clue?

     SEVERE [http-nio-8080-exec-1] org.jboss.resteasy.core.ExceptionHandler. Unknown exception while executing POST /
    
     java.lang.IllegalStateException: Request was already executed at org.jboss.resteasy.core.interception.ResponseContainerRequestContext.abortWith(ResponseContainerRequestContext.java:26)
    Reply
    • Ranu

      July 12, 2015

      Above not returning the Customized Response Message but throws exception message.

      Reply
  10. Cesar Valadez

    March 24, 2015

    I saw like in the above tutorial we are passing userid/password through browser for calling secure restfull webservices. Am trying to access secure restfull using java client. Could you please give me an idea like how we can pass userid/password through java client to the restfull service to make a connection?

    Reply
    • Lokesh

      March 25, 2015

      Is it OK? Or your requirement is different?

      CredentialsProvider provider = new BasicCredentialsProvider();
      UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("user1", "user1Pass");
      provider.setCredentials(AuthScope.ANY, credentials);
      HttpClient client = HttpClientBuilder.create().setDefaultCredentialsProvider(provider).build();
       
      HttpResponse response = client.execute(new HttpGet(URL_SECURED_BY_BASIC_AUTHENTICATION));
      int statusCode = response.getStatusLine().getStatusCode();
      assertThat(statusCode, equalTo(HttpStatus.SC_OK));
      
      Reply
  11. Richard

    March 19, 2015

    What browser do you use? I have never seen the browser from your snapshot.

    Reply
    • Lokesh

      March 19, 2015

      It’s firefox plugin RESTClient for testing RESTful webservices.

      Reply
  12. ani

    February 20, 2015

    I saw like in the above tutorial we are passing userid/password through browser for calling secure restfull webservices. Am trying to access secure restfull using java client. Could you please give me an idea like how we can pass userid/password through java client to the restfull service to make a connection?

    Reply
    • Lokesh

      February 21, 2015

      I will write one client code this week.

      Reply
      • Cesar Valadez

        March 24, 2015

        Hi i have the same question, Am trying to access secure restfull using java client. Could you please give me an idea like how we can pass userid/password through java client to the restfull service to make a connection?

        Reply
  13. Chris

    November 26, 2014

    In my app I need to know a little more about the user. If I implement a ContainerRequestFilter as you’ve suggested above and populate a User object from the database, how do I pass that object to my resource?

    My User object contains details about where the user’s account is located, their configuration options, account status, and lots of other things I need to know to service the request. I’d rather not have to hit the database a second time within the /resource to get that information.

    Reply
    • Lokesh

      November 27, 2014

      You can use threadlocal. https://howtodoinjava.com/resteasy/share-context-data-with-jax-rs-resteasyproviderfactory/

      Reply
  14. Ramanuja Satya

    September 11, 2014

    Hi Lokesh,
    This is really a great example. Thanks for providing such a useful code here. I am also trying to implement restful webservice with security signing and encryption so as to add an extra layer of security on top of what SSL/https provides. Could you please provide me a n example using RESTEasy as I dont find it so easy with the documentation available for RESTEasy. I have done the same using Spring WS security and trying the same with REST . Unfortunately I am completely blocked.. Can you please help me go forward. Thanks in advance.
    Regards,
    Satya

    Reply
  15. Alexandra

    August 27, 2014

    Hi, i’ve downladed your example, but this doesn’t work for me, maybe yoy did a extra config? please help me.

    Reply
  16. Hank Ma

    August 13, 2014

    ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) requestContext.getProperty(“org.jboss.resteasy.core.ResourceMethodInvoker”); returned null for methodInvoker, do u have any idea about this?

    Reply
  17. luke

    June 25, 2014

    Hi,
    great and clear example.

    I’ve followed it , creating one get method with @PermitAll and another get method with @RolesAllowed(“ADMIN”).

    get method with @permitAll works properly, while method with @RolesAllowed(“ADMIN”) doesn’t work and this exception has been raised :

    Caused by: javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public java.lang.String …..) throws javax.naming.NamingException of bean: NfvAgWS is not allowed

    I’ve debugged it and it’s strange but in this second case all check in filter method are passed (no requestContext.abortWith are invoked).

    Can I debug check something in order to find the problem?
    thanks in advance
    l

    Reply
    • luke

      June 26, 2014

      any suggestion?
      can I debug my problem maybe implementing another class in order to itercept something that happen after SecurityInterceptor.filter(ContainerRequestContext requestContext)?

      thanks in advance
      l

      Reply
      • Lokesh

        June 26, 2014

        Hi luke, it’s really very hard for me to suggest you anything for this exception. I have also seen this exception first time. If possible, can you please post the complete (at least some more) error log here, that will be more helpful.

        Reply
        • luke

          June 26, 2014

          I’m deployed your example in WildflyAS, when I invoke rest method annotated with @RolesAllowed(“ADMIN”), following exception has been raised.
          I’ve debugged it, and I’ve verified that all controls in filter method pass correctly and requestContext.abortWith(…) are never invoked.
          I don’t know what other I can control.
          thanks in advance
          luke

          P.S.:

          Exception Raised during get operation:

          14-06-26 11:57:17,001 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015874: WildFly 8.0.0.Final "WildFly" started in 55078ms - Started 1335 of 1424 services (165 services are lazy, passive or on-demand)
          2014-06-26 11:58:06,216 ERROR [org.jboss.as.ejb3.invocation] (default task-1) JBAS014134: EJB Invocation failed on component xxxWS for method public java.lang.String .....xxxWS.getMeasures(java.lang.String) throws javax.naming.NamingException: javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public java.lang.String xxxWS.getMeasures(java.lang.String) throws javax.naming.NamingException of bean: xxxWS is not allowed
          	at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:115) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:95) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:55) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:326)
          	at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:448)
          	at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:326)
          	at org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
          	at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:185)
          	at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:182)
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
          	at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
          	at com.italtel.nm.om.ws.nfvagent.NfvAgWS$$$view24.getMeasures(Unknown Source) [classes:]
          	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_45]
          	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_45]
          	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_45]
          	at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_45]
          	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:280) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:234) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:221) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
          	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:52) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
          	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:687) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_45]
          	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_45]
          	at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
          
          2014-06-26 11:58:06,231 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /xxx/...../yyy: org.jboss.resteasy.spi.UnhandledException: javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public java.lang.String xxxWS.getMeasures(java.lang.String) throws javax.naming.NamingException of bean: xxxWS is not allowed
          	at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
          	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:52) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
          	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:687) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
          	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_45]
          	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_45]
          	at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
          Caused by: javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public java.lang.String xxxWS.getMeasures(java.lang.String) throws javax.naming.NamingException of bean: xxxWS is not allowed
          	at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:115) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:95) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:55) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:326)
          	at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:448)
          	at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:326)
          	at org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
          	at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:185)
          	at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:182)
          	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
          	at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
          	at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
          	at com.italtel.nm.om.ws.nfvagent.NfvAgWS$$$view24.getMeasures(Unknown Source) [classes:]
          	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_45]
          	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_45]
          	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_45]
          	at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_45]
          	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:280) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:234) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:221) [resteasy-jaxrs-3.0.6.Final.jar:]
          	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356) [resteasy-jaxrs-3.0.6.Final.jar:]
          Reply
          • Lokesh

            June 26, 2014

            Can you please try this solution. Set it to false.

            <missing-method-permissions-excluded-mode>false</missing-method-permissions-excluded-mode>

            in jboss.xml.

            Reply
            • luke

              June 26, 2014

              Hi in wildfly I think I’ve to modify jboss-ejb3.xml, as suggested here:
              https://docs.jboss.org/author/display/WFLY8/Securing+EJBs

              but at the moment I’m trying to understand exactly xml schema, cause in post there only an xml fragment

              Reply
              • luke

                June 27, 2014

                Hi tried to add a WEB-INF/jboss-ejb3.xml file like this


                MyEJBName
                false

                but it seems not working..I’ve again previous exception

                thanks?
                any idea? what I’m doing wrong?

                Reply
                • Lokesh

                  June 27, 2014

                  Wrap the code inside [java-xml] tags as suggested in below note in blue.

                  Reply
                  • luke

                    June 30, 2014

                    I’m sorry:

                    
                    &amp;lt;?xml version=&amp;quot;1.1&amp;quot; encoding=&amp;quot;UTF-8&amp;quot;?&amp;gt;
                    &amp;lt;jboss:ejb-jar xmlns=&amp;quot;http://java.sun.com/xml/ns/javaee&amp;quot; 
                        xmlns:xsi=&amp;quot;http://www.w3.org/2001/XMLSchema-instance&amp;quot;
                        xsi:schemaLocation=&amp;quot;http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd http://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/index.html http://java.sun.com/xml/ns/javaee/ejb-jar_3_1.xsd&amp;quot;
                        xmlns:jboss=&amp;quot;http://www.jboss.com/xml/ns/javaee&amp;quot;
                        xmlns:s=&amp;quot;urn:security:1.1&amp;quot;
                        version=&amp;quot;3.1&amp;quot; impl-version=&amp;quot;2.0&amp;quot;&amp;gt;
                       
                     &amp;lt;assembly-descriptor&amp;gt;
                            &amp;lt;s:security&amp;gt;
                                
                                &amp;lt;!-- Even wildcard * is supported where * is equivalent to all EJBs in the deployment --&amp;gt;
                                &amp;lt;ejb-name&amp;gt;NfvAgWS&amp;lt;/ejb-name&amp;gt;
                    		
                                &amp;lt;s:missing-method-permissions-deny-access&amp;gt;false
                                    &amp;lt;/s:missing-method-permissions-deny-access&amp;gt;
                               	
                               &amp;lt;/s:security&amp;gt;
                        &amp;lt;/assembly-descriptor&amp;gt;
                    &amp;lt;/jboss:ejb-jar&amp;gt;
                    
                    

                    Aniway I think that missing-method-permissions-deny-access permit only to enable rest operation that aren’t annotated.

                    I’ve another problem I can’t access rest operation annotated with
                    @RolesAllowed(“ADMIN”)

                    I think the problem is that I’ve to configure in my AS( wildfly) a role named “ADMIN”….and I don’t know how to do that..

                    thanks for your help

                    Reply
                    • Lokesh

                      June 30, 2014

                      Me also not aware of this. You are at your own for now.

                    • Pieterjan van Gastel

                      September 12, 2014

                      Hello Luke,
                      I am running into the same problem. Have you found a solution?

  18. andrew

    May 5, 2014

    Hi Lokesh,

    I downloaded your source code example and followed the step you listed, the compilation was success. The problems is I don’t see any war being generated.. how do I deploy this example in tomcat?

    Reply
    • Lokesh

      May 5, 2014

      You can import project into eclipse and deploy from there in tomcat. Eclipse will generate the war file as well if you want to deploy separately. Third option is to create a project in your preferred IDE, copy all sourcecode files and then crate a war file from it.

      Reply
  19. Kevin

    May 5, 2014

    Hey there, great tutorial,

    I have a question though, while testing the first (GET) query i get the following response:
    Could not find MessageBodyWriter for response object of type: User of media type: text/html

    I also tried changing content type of the query to application/xhtml+xml and i get:
    Could not find MessageBodyWriter for response object of type: User of media type: application/octet-stream

    Any clue what might be wrong?
    (Im using wildfly with resteasy 3.0.7 + resteasy-jaxb-provider-3.0.7)

    Thanks!

    Reply
    • Lokesh

      May 5, 2014

      Probably you are not setting the request header “accept” as “application/xhtml+xml”. And make sure you have dependency of “resteasy-jaxb-provider.jar”.

      Reply
      • Kevin

        May 5, 2014

        Hi there, i set it to @Produces(MediaType.APPLICATION_JSON) and works like a charm!

        Thanks again!

        Reply
  20. Christiaan janssen

    May 5, 2014

    Is it possible to get a working example for Glassfish, please? I keep getting the following exception when I deploy the project: javax.ejb.AccessLocalException: Client not authorized for this invocation. The functions with the @PermitAll annotation work as expected. Thank you in advance.

    Reply
    • Christiaan janssen

      May 5, 2014

      Never mind, I had to use a completely different approach. For those with the same problem, you can find the solution here:

      https://stackoverflow.com/questions/7944963/glassfish-3-security-form-based-authentication-using-a-jdbc-realm

      Reply
  21. cmsantos

    March 20, 2014

    my project never call SecurityInterceptor class and it’s to big to send to you.. How can I fix this?

    Reply
    • Lokesh

      March 21, 2014

      Make sure you have added both annotations on top of class. i.e. @Provider and @ServerInterceptor. Also, resteasy scan is set to true in web.xml.

      Reply
      • cmsantos

        March 21, 2014

        I got this error now:

        Caused by: java.lang.NoClassDefFoundError: javax/ws/rs/container/ContainerRequestFilter

        Reply
        • Lokesh

          March 21, 2014

          NoClassDefFoundError in Java comes when Java Virtual Machine is not able to find a particular class at runtime which was available during compile time.
          Which server (and version) you are using? Provide me more details about your configuration.

          Reply
  22. SB

    November 13, 2013

    HiPavan
    I tried your code on tomcat but filter method of SecurityInterceptor is not getting invoked any pointers?

    Reply
    • Lokesh Gupta

      November 13, 2013

      Updated the post.

      Reply
  23. ducnm

    October 25, 2013

    Hi, when downloaded your project and try debug it, i can goto SecurityInterceptor class.
    But when i’m created new web service project anh using SecurityInterceptor, my project never call SecurityInterceptor class.
    How to fix it?

    Reply
    • Lokesh Gupta

      October 25, 2013

      Send me your code. howtodoinjava@gmail.com

      Reply
      • plpalo

        November 2, 2013

        Did you solve this issue? I’m trying your solution as well but the Interceptor’s filter method is not called. I’m using jboss 7 with resteasy 3.0.5. The @DenyAll annotation is not taken into account at all.

        Should I put some and/or tags in my web.xml file?

        Thanks for the nice tutorial.

        Reply
        • Lokesh Gupta

          November 4, 2013

          Above user didn’t shared the code. Are you able to hit interceptor with “RolesAllowed”?

          Reply
          • plpalo

            November 4, 2013

            No, it doesn’t work either way. However, I looked into the logs and it seems that my jboss uses JAX-RS 1.1 and since 2.0 is not yet supported, even though I include the RESTEasy 3.0.5. I used your previous example, with the PreProcessor and it works fine. I guess I’ll stick with it for now.

            Reply
            • Lokesh Gupta

              November 5, 2013

              Please download the sourcecode of this post and try to identify the gaps. I assure you that it is working perfect.

              Reply
          • Mike Shaffer

            November 5, 2013

            Excellent tutorial…about the only real how to out there! I’ve just converted to this final 3.0.2 version and the filter method is not being called/ContainerRequestFilter is not being invoked. Is there some secret in web.xml that I’m missing? I’m unable to access Google Docs here at work (firewall rules) so I can’t see your complete project. On the previous version, I did have to add to my web.xml with resteasy.scan as name and true as value…but this is not the case here, as far as I can tell. Any assistance would be greatly appreciated!

            Reply
            • Lokesh Gupta

              November 5, 2013

              Hey Mike, I am on vacation for next 4-5 days. I have very limited connectivity here and no-connectivity to dev tools. I will try to assist you once back to my home.

              Reply
          • plpalo

            November 5, 2013

            I can’t go any deeper with the comments so I’ll reply here. First of all, your project doesn’t import correctly in my setup. I get the following error:

            An internal error occurred during: “Importing Maven projects”.
            Unsupported IClasspathEntry kind=4

            And then none of the annotations are legal and most of the dependencies are somehow invalid.

            Like I said, I believe my jboss still uses JAX-RS 1.1 even if I add the 3.0.5 RESTeasy dependency. I get it from this message I get when deploying my server:

            JBAS011204: resteasy.scan found and ignored in web.xml. This is not necessary, as Resteasy will use the container integration in the JAX-RS 1.1 specification in section 2.3.2

            I read somewhere that RESTeasy distribution that comes with jboss is deeply connected with the distribution and it’s not that easy to change it without modifying the jboss config files, i.e. standalone.xml. Also, look here – https://issues.jboss.org/browse/JBEE-131

            Reply
            • Lokesh Gupta

              November 5, 2013

              Fair enough. Yes its not easy to change resteasy version with jboss. Regarding project does not import correctly in your setup, It is your machine specific issue and I may not be able to help you without correct understanding. So you are upto your own.
              Regarding annotations validity error, They are due to project import errors.

              Can you please be specific what you want to achieve, I will try to solve your issue when I am back on work. [Currently on holidays]

              Reply
          • plpalo

            November 5, 2013

            I know I probably could solve the import issue, although I did it on two computers with the same result 😉 I understand and follow your code but the current jboss setup simply doesn’t allow me to use it and I’m not in the position now to change it. I based my solution on your previous tutorial (using PreProcessInterceptor) and so far I’m satisfied with the authentication/authorization control I have. So thanks again for the help!

            Reply
            • Lokesh Gupta

              November 6, 2013

              Welcome

              Reply
          • plpalo

            November 8, 2013

            I found the solution to the RESTeasy version conflict. All you need to do is download the latest RESTeasy zip file and then do what the documentation says:

            3.1. Upgrading Resteasy Within JBoss AS 7

            Resteasy is bundled with JBoss AS 7. You will likely have the need to upgrade Resteasy in AS7. The Resteasy distribution comes with a zip file called resteasy-jboss-modules-3.0.5.Final.zip. Unzip this file while with the modules/ directory of the JBoss AS7 distribution. This will overwrite some of the existing files there.

            Reply
  24. Filly

    October 11, 2013

    figured it out, the solution:
    Method method = ((ExtendedUriInfo) requestContext.getUriInfo()). getMatchedResourceMethod(). getInvocable(). getHandlingMethod();

    Reply
    • Lokesh Gupta

      October 11, 2013

      Glad, you made it.

      Reply
    • Scott

      April 24, 2014

      Filly, thanks for posting this fix. i know this is a few months old but have you got this code to work for ajax calls? It works great for RESTClient but returns a generic empty wadl resource method when the request comes from ajax. Any ideas?

      Reply
  25. Filly

    October 11, 2013

    i get a nullpointerException in following line : Method method = methodInvoker.getMethod();
    because the only property in ContainerRequestContext is “org.glassfish.jersey.message.internal.TracingLogger”. but NO “org.jboss.resteasy.core.ResourceMethodInvoker”
    what am i doing wrong ?

    Reply
  26. Rakesh Waghela

    August 20, 2013

    Github repository ???

    Reply
    • Lokesh Gupta

      August 20, 2013

      I prefer google docs.

      Reply

Ask Questions & Share Feedback Cancel reply

Your email address will not be published. Required fields are marked *

*Want to Post Code Snippets or XML content? Please use [java] ... [/java] tags otherwise code may not appear partially or even fully. e.g.
[java] 
public static void main (String[] args) {
...
}
[/java]

Search Tutorials

  • Email
  • Facebook
  • RSS
  • Twitter

RESTEasy Tutorial

  • JAX-RS – Introduction
  • RESTEasy – JBoss
  • RESTEasy – Tomcat
  • RESTEasy – @Path
  • RESTEasy – HATEOAS
  • RESTEasy – SLF4J
  • RESTEasy – Log4j
  • RESTEasy – Download
  • RESTEasy – Upload (MultipartForm)
  • RESTEasy – Upload (HTTPClient)
  • RESTEasy – Custom Validation
  • RESTEasy – Hibernate Validator
  • RESTEasy – ContainerRequestFilter
  • RESTEasy – PreProcessorInterceptor
  • RESTEasy – JAXB XML
  • RESTEasy – Jettison JSON
  • RESTEasy – Jackson JSON
  • RESTEasy – ExceptionMapper

RESTEasy Client APIs

  • RESTEasy – java.net
  • RESTEasy – JAX-RS Client
  • RESTEasy – Apache HttpClient
  • RESTEasy – JavaScript API
  • RESTEasy – ResteasyClientBuilder

RESTEasy Best Practices

  • RESTEasy – Sharing Context Data
  • RESTEasy – Exception Handling
  • RESTEasy – ETag Cache control
  • RESTEasy – GZIP Compression
  • RESTful vs. SOAP

Popular Tutorials

  • Java 8 Tutorial
  • Core Java Tutorial
  • Java Collections
  • Java Concurrency
  • Spring Boot Tutorial
  • Spring AOP Tutorial
  • Spring MVC Tutorial
  • Spring Security Tutorial
  • Hibernate Tutorial
  • Jersey Tutorial
  • Maven Tutorial
  • Log4j Tutorial
  • Regex Tutorial

Meta Links

  • Advertise
  • Contact Us
  • Privacy policy
  • About Me

Copyright © 2016 · HowToDoInjava.com · All Rights Reserved. | Sitemap