Re: [Jersey] _at_ServletSecurity and Application classes?

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Fri, 12 Feb 2010 15:10:03 +0100

Hi Moises,

Unfortunately in JAX-RS it is not possible to reuse such servlet
annotations on a class that extends Annotation. FWIW I vehemently
argued such annotations should be used but, alas, to no avail.

For portable JAX-RS applications you will need to declare the security
information in the web.xml and use the fully qualified class name of
the Application implementation as the servlet name.

Having said that i could add such features to Jersey itself :-) after
a brief look at the servlet API it looks reasonably trivial to do
(although we do need to check if there is already any exist
declaration in the web.xml). Could you log an enhancement?


On Feb 11, 2010, at 7:34 PM, Moises Lejter wrote:

> Hi!
> I found out just recently that the Servlets 3.0 spec added
> annotations (@ServletSecurity and so on) to capture security
> constraints declaratively, rather than in the web.xml file.
> As I understand it, though, Jersey doesn't understand this, yet, so
> I would need to capture such constraints on web.xml, still - but
> between @ApplicationPath and @ServletSecurity, I would not need to
> tinker with web.xml any more...
> Anyone know whether I am just behind the times, or what the plans
> might be to add such support to Jersey?
> Thank you!
> Moises