Experts,
possibly I (again) missed an already finished discussion (I am happy if you
send an archive URL in that case).:
I want to ask whether there are plans to integrate JAX-RS 2.0's automatic
creation of "Allow:" (as a rection to OPTIONS) with Java EE's security
annotations like "@RolesAllowed"?
Example:
Given the following EJB-integrated JAX-RS resource.
@Path("/stats") @Stateless class UserStatistics {
@GET @RolesAllowed("Administrators") public getSomeInteresticMetrics() {.}
}
.will the automatic OPTIONS response provided by a compliant JAX-RS
implementation have to automatically omit "GET" in case the caller is not
authenticated and authorized as an Administrator?
If not, this would be a really brilliant addition the the EJB-integration
chapter of the spec, as it allows client applications to prevent a GET
invocation completely, hence show a "disabled" GUI or suppress a senseless
network roundtrip. :-)
Regards
Markus