On Jun 3, 2014, at 8:50 AM, arjan tijms <arjan.tijms_at_gmail.com> wrote:
> Hi,
>
> On Mon, Jun 2, 2014 at 12:58 PM, Marek Potociar <marek.potociar_at_oracle.com> wrote:
> I would however also would like to know what are the things that you would like to see in JAX-RS.next?
>
> I know the question was addressed to Bill, but I like to add my 2 cents if that's okay ;)
>
> What about deprecating @Context and moving everything to @Inject? This is the direction other parts of the platform are moving into as well (specifically JSF and in a certain way EJB).
Yes, already in the draft proposal.
>
> I also like to propose to investigate if some of the security related types can be moved out of JAX-RS and into a new security related specification.
>
> As it stands a number of specs have their own security types now. JAX-RS has SecurityContext (http://docs.oracle.com/javaee/7/api/javax/ws/rs/core/SecurityContext.html) with a method to get the user/caller principal and test whether the user is in a given role, while EJB has the EJBContext (http://docs.oracle.com/javaee/7/api/javax/ejb/EJBContext.html) with two identical methods.
There are some discussions about a new security JSR that may impact the way we do security across the platform. Hopefully, it will simplify and improve the way we do things in JAX-RS. As far as your "moving" suggestion, this is always very difficult to do due to backward compatibility concerns.
>
> I'd love to see a platform wide SecurityContext that can be injected via @Inject and which would be usable by all types of beans.
Yes, indeed.
-- Santiago