[jax-rs-spec users] Re: [jsr339-experts] Re: Re: MVC

From: Santiago Pericas-Geertsen <>
Date: Tue, 3 Jun 2014 10:54:35 -0400

On Jun 3, 2014, at 8:50 AM, arjan tijms <> wrote:

> Hi,
> On Mon, Jun 2, 2014 at 12:58 PM, Marek Potociar <> wrote:
> I would however also would like to know what are the things that you would like to see in
> I know the question was addressed to Bill, but I like to add my 2 cents if that's okay ;)
> What about deprecating @Context and moving everything to @Inject? This is the direction other parts of the platform are moving into as well (specifically JSF and in a certain way EJB).

 Yes, already in the draft proposal.

> I also like to propose to investigate if some of the security related types can be moved out of JAX-RS and into a new security related specification.
> As it stands a number of specs have their own security types now. JAX-RS has SecurityContext ( with a method to get the user/caller principal and test whether the user is in a given role, while EJB has the EJBContext ( with two identical methods.

 There are some discussions about a new security JSR that may impact the way we do security across the platform. Hopefully, it will simplify and improve the way we do things in JAX-RS. As far as your "moving" suggestion, this is always very difficult to do due to backward compatibility concerns.

> I'd love to see a platform wide SecurityContext that can be injected via @Inject and which would be usable by all types of beans.

 Yes, indeed.

-- Santiago