Do you know, if there is the possibility to check who is calling a method and to restrict whether they are allowed to execute it with Java Annotations?

For example if you have a client and a server. There are several users, which have different roles and they login into the client. Then (the same client) with different users wants to call a getMethod on the server.

Can I restrict, who is allowed to call this methos with Java Annotations?

Like:

@Role(role="AllowedRole")
public ReturnType getMethod() {
   ...
}

Well, I used to achieve this with Seam/DeltaSpike in JBoss Server. It's pretty straightforward.

Basically, you have a method which you annotate with your annotation. For example, mine is @User:

public class MyClass {
    @User
    public Object getMethod() {
        //implementation
    }
}

Next, you need a class where you define how you check your annotations:

public class Restrictions {

    @Secures @User
    public boolean isOk(Identity identity) {
        if (identity.getUsername("Peter")) {
            return true;
        }
        return false;
    }
}

That's it! Ofcourse, you need some libraries and to define these intercepting stuff in certain xml files (like beans.xml) but it can be easily done with a little googling.

Start from these links:

• Seam framework
• Questions I asked on JBoss community when I was starting with this

Annotations do not include code and are not processed magically. They just define metadata, so you need some kind of engine that processes the annotations and performs the access validation.

There are a lot of frameworks and tools that do this. For example you can implement this using AspectJ, Spring framework and Java EE support similar annotations.

You can also implement this logic yourself using dynamic proxy, byte code engineering or other technique.

So, please explain better what kind of application are you implementing and we can probably give you better advice.

This seems to be a good case for Method Security of Spring Security.