[jax-rs-spec users] [jsr339-experts] Re: Feature Proposal: Using @RolesAllowed for JAX-RS resources

From: Markus KARG <>
Date: Tue, 20 Nov 2012 21:04:01 +0100


> Thus I wonder, if one more context, similar to ResourceContext, called
> ApplicationContext or whatever that can be injected into a pre-match
> filter and provide the info about all the root resources and their
> methods, can be introduced ? This will support the case of managing all
> sort of extensions in a portable way without the app code having to
> deal with them

interesting idea. Anyways, there must be *some* solution for security
introspection: Either an automatic one as I proposed, or an injected
introspection interface like you describe above. Unless at least of of these
is provided by JAX-RS, nobody has a chance to get the needed information --
independent of whether ist transmission form being OPTIONS, X-BAR, a view,
or whatever.

So I would really, really beg for a clear definition in the JAX-RS 2.0 spec
for security introspection! :-)