How do I get the @RolesAllowed annotation to work for my Web application?

Question

I am making a Web application using Backbone.js, Bootstrap, NetBeans IDE 8.0, Java EE 7, JDK 8, WildFly server 8.1.0, JBoss RESTEasy (resteasy-jaxrs-3.0.8), JBoss 2.2.22, JB

Answer 1

Based on the error "403", it seems to me that there is something wrong with your role query. Maybe, your login module doesn't assign "admin" role to your user. One thing you could do is implement a custom authentication mechanism http://undertow.io/undertow-docs/undertow-docs-1.3.0/#authentication-mechanisms (example: https://github.com/dstraub/spnego-wildfly), and modify it in such a way that you could check which roles your login module assigns to your user. Implementing custom authentication mechanism is going to take you some time, but it helps you understand better how security works in wildfly.

Other thing I had to do for my Roles annotation to work is modify standalone.xml and set your security-domain as the default one.

Also, adding those lines is a step in the right direction, as for me. Without those lines annotations @RolesAllowed don't work for me.

    resteasy.role.based.security
    true

Also, I would advice implementing security using web.xml only, and only after that is done, try adding @RolesAllowed.