Merge "JERSEY-2132: Entity Filtering - Add support for JSON via Jackson"

Author: Marek Potociar

docs/src/main/docbook/entity-filtering.xml

@@ -3,7 +3,7 @@
 
     DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 
-    Copyright (c) 2013-2014 Oracle and/or its affiliates. All rights reserved.
+    Copyright (c) 2013-2015 Oracle and/or its affiliates. All rights reserved.
 
     The contents of this file are subject to the terms of either the GNU
     General Public License Version 2 only ("GPL") or the Common Development
@@ -44,6 +44,7 @@
     <!ENTITY % ents SYSTEM "jersey.ent" > %ents;
     <!ENTITY jersey.github.ef.example.link "<link xlink:href='&jersey.github.examples.uri;/entity-filtering'>Entity Filtering example</link>">
     <!ENTITY jersey.github.ef.security.example.link "<link xlink:href='&jersey.github.examples.uri;/entity-filtering-security'>Entity Filtering example (with security annotations)</link>">
+    <!ENTITY jersey.github.ef.selectable.example.link "<link xlink:href='&jersey.github.examples.uri;/entity-filtering-selectable'>Entity Filtering example (based on dynamic and configurable query parameters)</link>">
 ]>
 
 <chapter xmlns="http://docbook.org/ns/docbook"
@@ -900,12 +901,17 @@ public class FilteringMoxyJsonProvider extends ConfigurableMoxyJsonProvider {
                         <link linkend='json.moxy'>MOXy</link>
                     </para>
                 </listitem>
+                <listitem>
+                    <para>
+                        <link linkend='json.jackson'>Jackson (2.x)</link>
+                    </para>
+                </listitem>
             </itemizedlist>
         </para>
         <para>
             In order to use Entity Filtering in mentioned modules you need to explicitly register either
-            &jersey.message.filtering.EntityFilteringFeature; or &jersey.message.filtering.SecurityEntityFilteringFeature;
-            to activate Entity Filtering for particular module.
+            &jersey.message.filtering.EntityFilteringFeature;, &jersey.message.filtering.SecurityEntityFilteringFeature;
+            or &jersey.message.filtering.SelectableEntityFilteringFeature; to activate Entity Filtering for particular module.
         </para>
     </section>
 
@@ -922,6 +928,9 @@ public class FilteringMoxyJsonProvider extends ConfigurableMoxyJsonProvider {
                 <listitem>
                     <para>&jersey.github.ef.security.example.link;</para>
                 </listitem>
+                <listitem>
+                    <para>&jersey.github.ef.selectable.example.link;</para>
+                </listitem>
             </itemizedlist>
         </para>
     </section>

examples/entity-filtering-security/README.html

@@ -0,0 +1,190 @@
+<!doctype html>
+<!--
+
+    DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+    Copyright (c) 2015 Oracle and/or its affiliates. All rights reserved.
+
+    The contents of this file are subject to the terms of either the GNU
+    General Public License Version 2 only ("GPL") or the Common Development
+    and Distribution License("CDDL") (collectively, the "License").  You
+    may not use this file except in compliance with the License.  You can
+    obtain a copy of the License at
+    http://glassfish.java.net/public/CDDL+GPL_1_1.html
+    or packager/legal/LICENSE.txt.  See the License for the specific
+    language governing permissions and limitations under the License.
+
+    When distributing the software, include this License Header Notice in each
+    file and include the License file at packager/legal/LICENSE.txt.
+
+    GPL Classpath Exception:
+    Oracle designates this particular file as subject to the "Classpath"
+    exception as provided by Oracle in the GPL Version 2 section of the License
+    file that accompanied this code.
+
+    Modifications:
+    If applicable, add the following below the License Header, with the fields
+    enclosed by brackets [] replaced by your own identifying information:
+    "Portions Copyright [year] [name of copyright owner]"
+
+    Contributor(s):
+    If you wish your version of this file to be governed by only the CDDL or
+    only the GPL Version 2, indicate your decision by adding "[Contributor]
+    elects to include this software in this distribution under the [CDDL or GPL
+    Version 2] license."  If you don't indicate a single choice of license, a
+    recipient has the option to distribute your version of this file under
+    either the CDDL, the GPL Version 2 or to extend the choice of license to
+    its licensees as provided above.  However, if you add GPL Version 2 code
+    and therefore, elected the GPL Version 2 license, then the option applies
+    and therefore, elected the GPL Version 2 license, then the option applies
+    only if the new code is made subject to such option by the copyright
+    holder.
+
+-->
+<html lang="en">
+    <head>
+        <meta charset="utf-8">
+        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+
+        <title>Entity Data Filtering - Role-based Entity Filtering</title>
+
+        <!-- Bootstrap -->
+        <link href="http://netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.min.css" rel="stylesheet">
+    </head>
+    <body>
+
+        <div class="container">
+            <div class="row">
+                <div class="col-lg-offset-1 col-lg-10">
+                    <header class="page-header">
+                        <h1>Entity Data Filtering <small>Role-based Entity Filtering using security annotations</small></h1>
+                    </header>
+
+                    <p>
+                        This example demonstrates how to use entity filtering feature together with security annotations (from
+                        <code>javax.annotation.security</code> package) and how to apply them on domain classes as well as on
+                        JAX-RS resource classes or JAX-RS resource methods.
+                    </p>
+                    <p>
+                        In addition to domain classes and JAX-RS resources (with security annotations applied) there is also one
+                        (pre-matching) container request filter, <code>SecurityRequestFilter</code>. The filter sets security
+                        context for each incoming request as if the request was invoked by a user in role "manager".
+                    </p>
+                    <p>
+                        The full description how Entity Data Filtering can be found in Jersey User Guide, chapter
+                        <a href="https://jersey.java.net/documentation/latest/entity-filtering.html" target="_blank">Entity Data Filtering</a>.
+                        Sections relevant to this example (describing this exact example) are:
+                        <ul>
+                            <li><a href="https://jersey.java.net/documentation/latest/entity-filtering.html#d0e13911" target="_blank">Enabling and configuring Entity Filtering in your application</a></li>
+                            <li><a href="https://jersey.java.net/documentation/latest/entity-filtering.html#ef.security.annotations" target="_blank">Role-based Entity Filtering using (javax.annotation.security) annotations</a></li>
+                        </ul>
+                    </p>
+
+                    <h2>Contents</h2>
+
+                    <p>
+                        The mapping of the URI path space is presented in the following table:
+                    </p>
+
+                    <table class="table table-bordered">
+                        <thead>
+                            <tr>
+                                <th>URI path</th>
+                                <th>Resource class</th>
+                                <th>HTTP methods</th>
+                                <th>Allowed values</th>
+                                <th>Notes</th>
+                            </tr>
+                        </thead>
+
+                        <tbody>
+                            <tr>
+                                <td><code>/restricted-resource/denyAll</code></td>
+                                <td>RestrictedResource</td>
+                                <td>GET</td>
+                                <td>N/A</td>
+                                <td>@DenyAll annotation used - returns HTTP 403, Forbidden response</td>
+                            </tr>
+                            <tr>
+                                <td><code>/restricted-resource/permitAll</code></td>
+                                <td>RestrictedResource</td>
+                                <td>GET</td>
+                                <td>N/A</td>
+                                <td>
+                                    @PermitAll annotation used<br/>
+                                    Role-based view on RestrictedEntity class - permitAll, simpleField
+                                </td>
+                            </tr>
+                            <tr>
+                                <td><code>/restricted-resource/rolesAllowed</code></td>
+                                <td>RestrictedResource</td>
+                                <td>GET</td>
+                                <td>N/A</td>
+                                <td>
+                                    @RolesAllowed({"manager"}) annotation used, user in role "manager"<br/>
+                                    Role-based view on RestrictedEntity class - permitAll, simpleField, mixedField.managerField
+                                </td>
+                            </tr>
+                            <tr>
+                                <td><code>/unrestricted-resource</code></td>
+                                <td>UnrestrictedResource</td>
+                                <td>GET</td>
+                                <td>N/A</td>
+                                <td>
+                                    No security annotation used, user in role "manager"<br/>
+                                    Role-based view on RestrictedEntity class - permitAll, simpleField, mixedField.managerField
+                                </td>
+                            </tr>
+                        </tbody>
+                    </table>
+
+                    <p>
+                        Application is based on Grizzly container (see <code>App</code>). Everything needed (resources/providers)
+                        is registered in <code>SecurityEntityFilteringApplication</code>.
+                    </p>
+
+                    <h2>Running the Example</h2>
+
+                    <p>Run the example as follows:</p>
+                    <blockquote>
+                        <pre>mvn clean package exec:java</pre>
+                    </blockquote>
+
+                    <p>
+                        This deploys current example using Grizzly. You can access the application at:
+                        <ul>
+                            <li><a href="http://localhost:8080/unrestricted-resource">http://localhost:8080/unrestricted-resource</a></li>
+                            <li><a href="http://localhost:8080/restricted-resource/denyAll">http://localhost:8080/restricted-resource/denyAll</a></li>
+                            <li><a href="http://localhost:8080/restricted-resource/permitAll">http://localhost:8080/restricted-resource/permitAll</a></li>
+                            <li><a href="http://localhost:8080/restricted-resource/rolesAllowed">http://localhost:8080/restricted-resource/rolesAllowed</a></li>
+                            <li><a href="http://localhost:8080/restricted-resource/runtimeRolesAllowed?roles=manager,user">http://localhost:8080/restricted-resource/runtimeRolesAllowed?roles=manager,user</a></li>
+                        </ul>
+                    </p>
+
+                    <h2>Using Jackson instead of MOXy</h2>
+
+                    <p>
+                        This examples uses by default Entity Data Filtering feature together with MOXy. To switch MOXy JSON provider
+                        to Jackson (2.x) JSON provider simply
+
+                        <ul>
+                            <li>
+                                comment registration of MOXy ContextResolver, and<br/>
+                                <code>register(new MoxyJsonConfig().setFormattedOutput(true).resolver())</code>
+                            </li>
+                            <li>
+                                uncomment registration of JacksonFeature<br/>
+                                <code>register(JacksonFeature.class)</code>
+                            </li>
+                        </ul>
+
+                        in <code>SecurityEntityFilteringApplication</code> class.
+                    </p>
+
+                </div>
+            </div>
+        </div>
+
+        <script src="http://netdna.bootstrapcdn.com/bootstrap/3.0.0/js/bootstrap.min.js"></script>
+    </body>
+</html>

examples/entity-filtering-security/pom.xml

@@ -61,17 +61,21 @@
             <artifactId>jersey-server</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.glassfish.jersey.media</groupId>
-            <artifactId>jersey-media-moxy</artifactId>
+            <groupId>org.glassfish.jersey.containers</groupId>
+            <artifactId>jersey-container-grizzly2-http</artifactId>
         </dependency>
         <dependency>
             <groupId>org.glassfish.jersey.ext</groupId>
             <artifactId>jersey-entity-filtering</artifactId>
         </dependency>
 
         <dependency>
-            <groupId>org.glassfish.jersey.containers</groupId>
-            <artifactId>jersey-container-grizzly2-http</artifactId>
+            <groupId>org.glassfish.jersey.media</groupId>
+            <artifactId>jersey-media-moxy</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.glassfish.jersey.media</groupId>
+            <artifactId>jersey-media-json-jackson</artifactId>
         </dependency>
 
         <dependency>

examples/entity-filtering-security/src/main/java/org/glassfish/jersey/examples/entityfiltering/security/SecurityEntityFilteringApplication.java

@@ -1,7 +1,7 @@
 /*
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
  *
- * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013-2015 Oracle and/or its affiliates. All rights reserved.
  *
  * The contents of this file are subject to the terms of either the GNU
  * General Public License Version 2 only ("GPL") or the Common Development
@@ -41,6 +41,7 @@
 
 import javax.ws.rs.ApplicationPath;
 
+import org.glassfish.jersey.jackson.JacksonFeature;
 import org.glassfish.jersey.message.filtering.SecurityEntityFilteringFeature;
 import org.glassfish.jersey.moxy.json.MoxyJsonConfig;
 import org.glassfish.jersey.server.ResourceConfig;
@@ -60,7 +61,10 @@ public SecurityEntityFilteringApplication() {
         // Register entity-filtering security feature.
         register(SecurityEntityFilteringFeature.class);
 
-        // Configure MOXy Json provider.
+        // Configure MOXy Json provider. Comment this line to use Jackson. Uncomment to use MOXy.
         register(new MoxyJsonConfig().setFormattedOutput(true).resolver());
+
+        // Configure Jackson Json provider. Comment this line to use MOXy. Uncomment to use Jackson.
+        // register(JacksonFeature.class);
     }
 }

examples/entity-filtering-security/src/test/java/org/glassfish/jersey/examples/entityfiltering/security/RestrictedResourceTest.java

@@ -1,7 +1,7 @@
 /*
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
  *
- * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013-2015 Oracle and/or its affiliates. All rights reserved.
  *
  * The contents of this file are subject to the terms of either the GNU
  * General Public License Version 2 only ("GPL") or the Common Development
@@ -40,15 +40,23 @@
 
 package org.glassfish.jersey.examples.entityfiltering.security;
 
-import javax.ws.rs.core.Application;
+import java.util.Arrays;
+
+import javax.ws.rs.core.Feature;
 import javax.ws.rs.core.Response;
 
 import org.glassfish.jersey.examples.entityfiltering.security.domain.RestrictedEntity;
 import org.glassfish.jersey.examples.entityfiltering.security.domain.RestrictedSubEntity;
+import org.glassfish.jersey.jackson.JacksonFeature;
+import org.glassfish.jersey.message.filtering.SecurityEntityFilteringFeature;
+import org.glassfish.jersey.moxy.json.MoxyJsonFeature;
+import org.glassfish.jersey.server.ResourceConfig;
 import org.glassfish.jersey.test.JerseyTest;
 import org.glassfish.jersey.test.TestProperties;
 
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.CoreMatchers.notNullValue;
 import static org.hamcrest.CoreMatchers.nullValue;
@@ -59,14 +67,21 @@
  *
  * @author Michal Gajdos (michal.gajdos at oracle.com)
  */
+@RunWith(Parameterized.class)
 public class RestrictedResourceTest extends JerseyTest {
 
-    @Override
-    protected Application configure() {
-        enable(TestProperties.LOG_TRAFFIC);
-        enable(TestProperties.DUMP_ENTITY);
+    @Parameterized.Parameters(name = "Provider: {0}")
+    public static Iterable<Class[]> providers() {
+        return Arrays.asList(new Class[][]{{MoxyJsonFeature.class}, {JacksonFeature.class}});
+    }
 
-        return new SecurityEntityFilteringApplication();
+    public RestrictedResourceTest(final Class<Feature> filteringProvider) {
+        super(new ResourceConfig(SecurityEntityFilteringFeature.class)
+                .packages("org.glassfish.jersey.examples.entityfiltering.security")
+                .register(filteringProvider));
+
+        enable(TestProperties.DUMP_ENTITY);
+        enable(TestProperties.LOG_TRAFFIC);
     }
 
     @Test