[jax-rs-spec users] Re: JAX-RS Security

From: Santiago Pericas-Geertsen <>
Date: Mon, 15 Dec 2014 10:20:13 -0500

On Dec 12, 2014, at 7:04 PM, Casey Lee <> wrote:

>>> On the server side aren't the JSR-250 security annotations supported
>>> by JAX-RS? Or is that only implemented by some specific vendors?
>> Not in the spec, but implementations support some annotations. Definitely an area for us to work on, but we also need to keep an eye on the new Security JSR. Hence, why we should wait a bit until diving into this.
>>> Seems that those solve course grained security (by role). We have
>>> chosen to leverage those annotations and treat OAuth 2.0 scopes as
>>> roles. Would it make sense to have a more OAuth 2.0 specific solution
>>> (@ScopesAllowed)?
>> Possibly, but this is why we need to liaison with the Security JSR to avoid duplication.
> I'd be interested in helping with this coordination with Security JSR
> if you are looking for a volunteer :)

 Actually, that would be very useful. Registering to their user's list would be the first step, I think.


-- Santiago