On 8/29/2012 9:56 AM, Marek Potociar wrote:
>> BTW, there are other possible name-bound security models beyond @RolesAllowed, I think Drools and Spring have some complex security protocols that are applicable to JAX-RS, but I haven't looked into them deeply. Just sucks that both pre-match and security make this so complex.
>
> Do you have in mind any concrete suggestion how to address that?
>
To address the complexities? I don't have anything other in mind than
what we already have: All filters (global and name-bound) are combined
and sorted unless they are @PreMatch.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com