註解安全的tomcat的webapp

Question

我要實現的web服務安全這樣的事情 （http://docs.oracle.com/cd/E24329_01/web.1211/e24983/secure.htm - 例如對JavaEE的）

但tomcat裏面+球衣的應用。是否有可能這樣做？

據我所知，tomcat確實有annotation-api，可以在這種情況下工作。無法弄清楚如何。

package samples.helloworld; 

import javax.ws.rs.GET; 
import javax.ws.rs.Path; 
import javax.ws.rs.Produces; 
import javax.annotation.Security.RolesAllowed; 


@Path("/helloworld") 
@RolesAllowed({"ADMIN", "ORG1"}) 
public class helloWorld { 

    @GET 
    @Path("sayHello") 
    @Produces("text/plain") 
    @RolesAllows("ADMIN") 
    public String sayHello() { 
     return "Hello World!"; 
    } 
} 

Answer 1

如上面的鏈接所述，您應該保護您的Rest WebServices。 Web.xml的示例

<web-app> 
    <servlet> 
     <servlet-name>RestServlet</servlet-name> 
     <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class> 
    </servlet> 
    <servlet-mapping> 
     <servlet-name>RestServlet</servlet-name> 
     <url-pattern>/*</url-pattern> 
    </servlet-mapping> 
    <security-constraint> 
     <web-resource-collection> 
      <web-resource-name>Orders</web-resource-name> 
      <url-pattern>/orders</url-pattern> 
      <http-method>GET</http-method> 
      <http-method>POST</http-method> 
     </web-resource-collection> 
     <auth-constraint> 
      <role-name>admin</role-name> 
     </auth-constraint> 
    </security-constraint> 
     <login-config> 
      <auth-method>BASIC</auth-method> 
      <realm-name>default</realm-name> 
     </login-config> 
    <security-role> 
     <role-name>admin</role-name> 
    </security-role> 
</web-app>