I have followed all the steps given in Answer by pandadb in below linkHow to Optionally Protect a Resource with Custom Dropwizard Filter
I added my custom annotaion to the resource method but the custom authorisation filter is not being called.
can anyone tell me what i might have missed.
更新:-我正在使用java8的dropwizard 1.0,并使用maven构建应用.
Update:- I am using dropwizard 1.0 using java8 and building the app using maven.
首先检查此Dropwizard功能示例和 Dropwizard授权.然后,请提供更多详细信息,已经完成的操作以及正在使用的Dropwizard版本.
First of all check this Dropwizard Feature example and Dropwizard Authorization. Then please provide more details, what you have done already and what Dropwizard Version you are using.
After all I have to guess, what you have done already...
You have create your custom authorizer?
public class YourCustomAuthorizer implements Authorizer<User> {
public boolean authorize(User user, String role) {
return user.getName().equals("good-guy") && role.equals("ADMIN");
public SecretPlan getSecretPlan() {
return dao.findPlanForUser(user);
You registered the authentication and authorization classes in your application run method?
public void run(ExampleConfiguration configuration,
Environment environment) {
environment.jersey().register(new AuthDynamicFeature(
new BasicCredentialAuthFilter.Builder<User>()
.setAuthenticator(new YourCustomAuthenticator())
.setAuthorizer(new YourCustomAuthorizer())
//If you want to use @Auth to inject a custom Principal type into your resource
environment.jersey().register(new AuthValueFactoryProvider.Binder<>(User.class));
If you have done this, it should work, if your authentication is done before and is ok. If you want to authorize all GETS without authentication/autorization and authorize only POSTs for authenticated users, you can do this:
// do not add any annotations here and all users without authentication can do this GET @RolesAllowed("ADMIN")
// do not use '@Auth User user' in method params and do not annotate this method with '@Auth' if you want non authenticated users to do the GET
public SecretPlan getSecretPlan() {
return dao.findPlanForUser(user);
//here just authorized useras can do HTTP POSTs
public SecretPlan postSecretPlan() {
return dao.findPlanForUser(user);
Another problem I had in past, was that I build my application with ANT and IVY and not with Maven. This can cause several problems, if doing it wrong.
If your problem is not solved, please provide more informations than "It does not work, please help".*
这篇关于具有DynamicFeature的Dropwizard customAuthorizationFilter的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!