Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 317759

Summary: roles and constraints need to be added after init
Product: [RT] Jetty Reporter: Greg Wilkins <gregw>
Component: serverAssignee: Jan Bartel <janb>
Status: CLOSED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: janb, jetty-inbox
Version: 7.1.4   
Target Milestone: 7.1.x   
Hardware: PC   
OS: Linux   
Whiteboard:

Description Greg Wilkins CLA 2010-06-23 20:31:06 EDT 
roles and constraints may be discovered as annotations and added as a servlet is loaded.
Comment 1 Greg Wilkins CLA 2011-02-22 23:52:31 EST 
is this now dealt with?
Comment 2 Jesse McConnell CLA 2011-05-11 12:24:44 EDT 
I see a DeclareRolesAnnotationHandler that looks for DeclareRoles annotations and adds those roles to the constraint security handler so think its resolves...

Jan, can you confirm and close or if there is something else missing here expand on it and I'll take care of it
Comment 3 Jan Bartel CLA 2011-06-30 23:26:16 EDT 
There is indeed the @DeclaresRoles annotation method implemented that will add roles to the context that can be tested with isUserInRole() method programmatically. There is also the test-annotation-webapp over on codehaus that exercises this annotation.

The @ServletSecurity annotation has also been implemented that is introspected when the Servlet class goes into use. This annotation defines constraints.

Note also that all relevant tests from the Glassfish JavaEE6 Samples project have been run against jetty-8: see http://glassfish-samples.java.net/.
Comment 4 Jan Bartel CLA 2011-06-30 23:27:21 EDT 
Fixed for jetty-8.
Comment 5 Jan Bartel CLA 2011-06-30 23:29:53 EDT 
I should have also added that @DeclaresRoles is also implemented for jetty-7. The @ServletSecurity annotation only exists in jetty-8 (as it is servlet 3.0).