Can I programatically check if an endpoint has @PermitAll annotation, e.g. from its SecurityContext?
I'd like to be able to programmatically check whether or not an endpoint in my Helidon MP application has the @PermitAll annotation, e.g. from its SecurityContext or something like that. Is this possible? My reason is to be able to reuse a utility method that takes the security context and/or URI info and do some general validation on it.
For example:
@GET
@Path("/{path: .*}")
@Produces(MediaType.APPLICATION_JSON)
@PermitAll
public Response proxyGetRequests(@PathParam("path") final String path,
@Context UriInfo uriInfo,
@Context SecurityContext securityContext) {
// e.g. securityContext.permitsAll() <- or something like this?
}
-
you need interceptor for thatrkosegi– rkosegi09/01/2025 08:59:12Commented 9 hours ago
1 Answer 1
If you want to check programmatically whether an endpoint has @PermitAll, you have to inspect resource method metadata, not the SecurityContext.
Option 1: Use Reflection
Since you know the class and method, you can use reflection to see if @PermitAll is present:
Method method = this.getClass().getMethod(
"proxyGetRequests", String.class, UriInfo.class, SecurityContext.class
);
boolean hasPermitAll = method.isAnnotationPresent(PermitAll.class);
You could generalize this by looking up the ResourceMethod based on the UriInfo path and then inspecting its annotations.
Option 2: JAX-RS ResourceInfo
ResourceInfo tells you which class and method are handling the current request, so you can reflectively inspect their annotations.