
11.7. Restricting Access Based on the Authenticated User

It is very common to restrict access to a resource based on the state of the current user. In the simplest case, this means checking whether the user is authenticated or not.
The @LoggedIn annotation allows you to protect a bean and allow access only from previously authenticated users.
@LoggedIn
public void logout() {
	// only authenticated users can logout
}
The @LoggedIn annotation can also be used on types. In this case, all bean methods are protected:
@LoggedIn
public class MyRESTAPI {
	// every method of this class is restricted to authenticated users
}
Accounts in PicketLink are represented by a specific type. For example, by default PicketLink provides the org.picketlink.idm.model.basic.User type to represent them. Because PicketLink allows you to provide your own account types, the @LoggedIn annotation can also be used to restrict which account types are allowed to perform an operation:
@LoggedIn(requiresAccount = {Employee.class, Customer.class})
Where Employee and Customer are account types, implementing the org.picketlink.idm.model.Account interface.
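As an added example (not from the PicketLink documentation), the following bean combines the two forms of the annotation: a type-level @LoggedIn guards every method, while one method is further limited to the Employee account type, and a programmatic check shows the equivalent decision made in code. Employee and Customer are assumed here to extend org.picketlink.idm.model.basic.User (which implements Account); the org.picketlink.Identity injection and the org.picketlink.authorization.annotations package are assumed from the PicketLink API.

```java
package example; // constructed example package

import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import org.picketlink.Identity;
import org.picketlink.authorization.annotations.LoggedIn; // package name assumed
import org.picketlink.idm.model.basic.User;

// Custom account types for this example. Extending the built-in User type
// (which implements org.picketlink.idm.model.Account) is an assumption here.
class Employee extends User {
    public Employee() { }
    public Employee(String loginName) { super(loginName); }
}

class Customer extends User {
    public Customer() { }
    public Customer(String loginName) { super(loginName); }
}

// Type-level @LoggedIn: every public method requires an authenticated caller.
@LoggedIn
@RequestScoped
public class OrderService {

    @Inject
    private Identity identity; // assumed: org.picketlink.Identity

    // Any authenticated account type (Employee, Customer, plain User) may order.
    public String placeOrder(String item) {
        return identity.getAccount().getId() + " ordered " + item;
    }

    // Only Employee accounts may approve. A logged-in Customer is rejected by
    // PicketLink's authorization interceptor before the method body runs.
    @LoggedIn(requiresAccount = Employee.class)
    public String approveOrder(String orderId) {
        return "approved " + orderId;
    }

    // Equivalent programmatic check, useful when the decision must be made
    // inside the method (for example to audit a denied attempt) rather than
    // declaratively through the annotation.
    public boolean callerIsEmployee() {
        return identity.isLoggedIn() && identity.getAccount() instanceof Employee;
    }
}
```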