[jax-rs-spec users] [jsr339-experts] Why is there no generic Auth-Header support in JAX-RS?

From: Jan Algermissen <>
Date: Wed, 1 May 2013 13:55:18 +0200

Hi experts,

given that HTTP Authorization and WWW-Authenticate header syntaxes are defined in a generic way, independent of any specific Auth-Scheme, I wonder what the reason is that there is no support in the API for these headers. (E.g. there is for Cookie and Cache-Control and Link for example)

Can anyone remember the reason?

It's quite painful to implement and everybody seems to roll their own. Most of what I see out there is wrong and/or relies on a zillion of regexes - quite a bad situation.

In addition, it would really help code clarity if Auth 'objects' would be integrated into the API, e.g. via injection of an AuthInfo or similar.

Is this something for 2.1, maybe?