{"id":18962138,"url":"https://github.com/zandero/rest.context","last_synced_at":"2026-04-02T00:30:17.835Z","repository":{"id":57729998,"uuid":"85802377","full_name":"zandero/rest.context","owner":"zandero","description":"Security and request context for RestEasy / Guice REST API","archived":false,"fork":false,"pushed_at":"2017-05-09T13:13:10.000Z","size":20,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-01T05:16:39.977Z","etag":null,"topics":["api","guice","rest","resteasy","security"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zandero.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-03-22T08:18:01.000Z","updated_at":"2017-03-27T11:54:26.000Z","dependencies_parsed_at":"2022-09-07T20:23:47.010Z","dependency_job_id":null,"html_url":"https://github.com/zandero/rest.context","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zandero%2Frest.context","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zandero%2Frest.context/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zandero%2Frest.context/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zandero%2Frest.context/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zandero","download_url":"https://codeload.github.com/zandero/rest.context/tar.gz/refs/heads/master","host":{"name":"GitHub",
"url":"https://github.com","kind":"github","repositories_count":239958311,"owners_count":19724926,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","guice","rest","resteasy","security"],"created_at":"2024-11-08T14:15:25.012Z","updated_at":"2026-04-02T00:30:17.769Z","avatar_url":"https://github.com/zandero.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Context and security extension for RestEasy REST API \nBasic request context and security filtering implementation to be extended and utilized with any RestEasy REST API.\n\nSupports:\n* transformation of request into Java object \n* implements role based REST API security check\n\n## Setup\n```xml\n \u003cdependency\u003e      \n      \u003cgroupId\u003ecom.zandero\u003c/groupId\u003e      \n      \u003cartifactId\u003erest.context\u003c/artifactId\u003e      \n      \u003cversion\u003e1.2\u003c/version\u003e      \n \u003c/dependency\u003e\n ```\n \n## Request context\n\n### Step 1 - create authorization / request context\nBy extending the `BaseRequestContext` we create our own Request context.  \nWe can then extract data provided in the request (for instance session id in a cookie) and fill up all necessary fields.  
\nThe Request context is **@RequestScoped** - unique for each request hitting the REST API.\n \n```java\n@RequestScoped\npublic class MyRequestContext extends BaseRequestContext {\n\n    private final Session session; // our custom session object\n\n    /**\n     * use request to find out the context (is user logged in?)\n     * this might be a request header or query string parameter ...\n     */\n    @Inject    \n    public MyRequestContext(HttpServletRequest servletRequest) {\n    \n        super(servletRequest);\n    \n        // create session object from request\n        session = resolveSession(servletRequest);\n    }\n    \n    /**\n    * @return user making the request or null if not known\n    */\n    @Override\n    public Principal getUserPrincipal() {\n        return () -\u003e session.getUser();\n    }\n    \n    /**\n    * Checks if user is in role\n    * @param role as provided in @RolesAllowed(role) annotation\n    * @return true if user is in role, false if not\n    */\n    @Override\n    public boolean isUserInRole(String role) {\n        return session.isUserInRole(role);\n    }\n    \n    /**\n     * @return true if call is secure, false if not\n     */\n    @Override\n    public boolean isSecure() {\n    \n        return session != null;\n    }\n    \n    @Override\n    public String getAuthenticationScheme() {\n    \n        return session.getScheme();\n    }\n}\n```\n\n#### Bind correct @RequestScope \nMake sure your @RequestScope is properly bound.  \n\nUsing either: \n1. an existing plugin: `import org.jboss.resteasy.plugins.guice.RequestScoped;` and bind `new org.jboss.resteasy.plugins.guice.ext.RequestScopeModule();`\n1. 
or implement `GuiceServletContextListener` and bind it\n\n### Step 2 - bind Authorization filter and request context\n\n```java\npublic class MyRestModule extends AbstractModule {\n\n\t@Override\n\tprotected void configure() {\n\n\t\tbind(AuthorizationFilter.class);\n\t\tbind(RequestContext.class).to(MyRequestContext.class);\n\t}\n}\n```\n\n### Step 3 - annotate REST with roles\nOnce the request/security context is in place we can annotate REST endpoints with the `@RolesAllowed` annotation.\nThe annotated `role` is passed to the `public boolean isUserInRole(String role)` context call when checking access. \n\nIf `public boolean isUserInRole(String role)` returns **true**, the REST call is executed.   \nIf it returns **false**, a **403 FORBIDDEN** response is returned.\n\n```java\n/**\n* Only accessible if user is in given \"User\" role\n*/\n@GET\n@RolesAllowed(\"User\")\n@Path(\"/private\")\npublic String getUserInfo() {\n\n    return null;\n}\n```\n\n### Step 4 - provide request context into REST\nWe can access and utilize the Request context if needed.  \n\n```java\n@Path(\"/api\")\n@Singleton\npublic class MyRestApi {\n\n    private final Provider\u003cMyRequestContext\u003e ctxProvider;\n    \n    @Inject\n    public MyRestApi(Provider\u003cMyRequestContext\u003e contextProvider) {\n    \n        ctxProvider = contextProvider;\n    }\n    \n    @GET\n    @RolesAllowed(\"User\")\n    @Path(\"/private\")\n    public String getUserInfo() {\n    \n        return ctxProvider.get().getPrincipal(); // resolved for each request ... is unique for request\n    }\n}\n```\n\n[Additional info](https://github.com/zandero/rest.context/wiki/Home)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzandero%2Frest.context","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzandero%2Frest.context","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzandero%2Frest.context/lists"}