There is a sample in the javaee5tutorial
(examples/jaxws/helloservice-basicauth) that uses the @RolesAllowed
annotation in an annotated web service inside a web application. It
also has a security-role-mapping for the role name defined in sun-web.xml.
However, JSR-244 Table EE-6.6 specifies that @RolesAllowed is not
supported in the web container. Neither JSR-154 or JSR-181 seem to
discuss this.
So is the example wrong, or is the spec wrong?
If the example works (I haven't confirmed that it does) but the spec is
correct that this annotation is not supported, does that mean that
Glassfish has a spec extension that is allowing this to work?
-Peter