Hello,
Is there any way to enforce certain security requirements (like require https?) on certain RESTful methods? I'm thinking about writing an annotation to accomplish this (with a filter?), but wanted to know if there was a better way. If I do implement it, any interest in a patch to add this functionality? Any thoughts on annotation design?
@RequireSecureChannel -> look for isSecure() method on request?
My requirements are to just return forbidden, not attempt to redirect to the secure channel. It's an API interface. I suppose I could implement it at a servlet filter, but I'd rather keep the requirement of secure/non-secure close to the method itself.
thanks,
-jr