java - Picketlink @RolesAllowed for roles assigned to groups -

java - Picketlink @RolesAllowed for roles assigned to groups -

am using picketlink application , appreciate if 1 help me out.

the application has many groups (admin, client service etc) , each grouping can have many roles (like create new user, create new employee, launch payroll process etc)

a user can assigned 1 or more groups, , grouping 1 or more roles. thought user assigned grouping inherit roles of group. if utilize basicmodel.hasrole user assigned group, returns true roles assigned group, expected. when using @rolesallowed annotation on rest end points, homecoming access denied exception same user. if there workaround can suggest? want @rolesallowed allow users within grouping having allowed roles pass through.

or there other annotation can use?

try 1 of these under bundle org.picketlink.authorization.annotations:

@groupsallowed

defines authorization constraint members of grouping allowed invoke method.

@loggedin

defines authorization constraint authenticated users allowed invoke method.

@partitionsallowed

defines authorization constraint checks if authenticated business relationship stored within partition.

@requireslevel

defines authorization check users same or higher level specified allowed invoke method

@requirespermission

defines authorization constraint checks if authenticated business relationship has specific permission.

@restrict

defines authorization constraint type or method using unified look language.

@rolesallowed

defines authorization constraint checks if authenticated business relationship granted 1 or more roles.

from here: http://docs.jboss.org/picketlink/2/latest/api/org/picketlink/authorization/annotations/package-summary.html

java picketlink