Annotation Interface Authenticated


@Retention(RUNTIME) @Target(TYPE) public @interface Authenticated
Marks a handler as requiring a valid JWT. Any bearer token that passes signature, expiry and issuer validation is accepted; no role check is performed.

For role-based access use RolesAllowed instead (it implies authentication).

Set optional = true on public routes that personalise their response when the user is logged in but must remain accessible to guests. The middleware populates ClaimsHolder when valid credentials are present and silently skips it otherwise; the request is never rejected. Handlers on such routes must therefore treat ClaimsHolder as possibly unpopulated.


 // Hard auth — redirects / 401 when unauthenticated:
 @Route(method = HttpMethod.GET, path = "/api/profile")
 @Authenticated
 public class GetProfile extends JacksonHandler { ... }

 // Soft auth — guest-friendly, ClaimsHolder populated only when logged in:
 @Route(method = HttpMethod.GET, path = "/")
 @Authenticated(optional = true)
 public class HomePage extends HtmlHandler { ... }
 
  • Optional Element Summary

    Optional Elements
    Modifier and Type | Optional Element | Description
    boolean | optional | When true the middleware never rejects unauthenticated requests — it only populates ClaimsHolder when valid credentials are present.
  • Element Details

    • optional

      boolean optional
      When true the middleware never rejects unauthenticated requests — it only populates ClaimsHolder when valid credentials are present. Defaults to false (hard authentication required).
      Default: false
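
A build-time check for the optional element, added here as an example and not part of the framework's own code: it reads each handler's authentication mode by reflection and reports soft-auth routes that are not on a reviewed allow-list. The nested Authenticated and Route annotations are local stand-ins that mirror only the elements shown on this page; the handler classes, the allow-list and the SoftAuthAudit name are constructed for illustration.

```java
import java.lang.annotation.*;
import java.util.*;

// Added example. The nested annotations are stand-ins for the framework's own
// types (Route's method element is omitted); the handlers are constructed samples.
public class SoftAuthAudit {
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE)
    @interface Authenticated { boolean optional() default false; }
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE)
    @interface Route { String path(); }

    // Constructed sample handlers.
    @Route(path = "/api/profile") @Authenticated static class GetProfile {}
    @Route(path = "/") @Authenticated(optional = true) static class HomePage {}
    @Route(path = "/api/orders") @Authenticated(optional = true) static class ListOrders {}
    @Route(path = "/health") static class Health {}

    enum Mode { HARD, SOFT, UNMARKED }

    // UNMARKED: no @Authenticated on the class; other annotations such as
    // RolesAllowed are not inspected by this example.
    static Mode modeOf(Class<?> handler) {
        Authenticated a = handler.getAnnotation(Authenticated.class);
        if (a == null) return Mode.UNMARKED;
        return a.optional() ? Mode.SOFT : Mode.HARD;
    }

    // Soft-auth routes never reject a request, so each one should be a deliberate,
    // reviewed choice. Returns those whose path is missing from the allow-list.
    static List<String> unreviewedSoftRoutes(List<Class<?>> handlers, Set<String> allowed) {
        List<String> findings = new ArrayList<>();
        for (Class<?> h : handlers) {
            Route r = h.getAnnotation(Route.class);
            if (r != null && modeOf(h) == Mode.SOFT && !allowed.contains(r.path())) {
                findings.add(r.path() + " (" + h.getSimpleName() + ")");
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        List<Class<?>> handlers = List.of(GetProfile.class, HomePage.class, ListOrders.class, Health.class);
        Set<String> allowed = Set.of("/");   // assumption: only the home page is meant to be soft
        for (Class<?> h : handlers) System.out.println(modeOf(h) + "  " + h.getSimpleName());
        List<String> findings = unreviewedSoftRoutes(handlers, allowed);
        findings.forEach(f -> System.out.println("unreviewed soft-auth route: " + f));
        if (!findings.isEmpty()) System.exit(1);   // non-zero exit fails the CI step
    }
}
```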