Re: [Jersey] _at_ServletSecurity and Application classes?

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Fri, 12 Feb 2010 15:12:33 +0100

On Feb 12, 2010, at 3:10 PM, Paul Sandoz wrote:

> Hi Moises,
> Unfortunately in JAX-RS it is not possible to reuse such servlet
> annotations on a class that extends Annotation.



> FWIW I vehemently argued such annotations should be used but, alas,
> to no avail.
> For portable JAX-RS applications you will need to declare the
> security information in the web.xml and use the fully qualified
> class name of the Application implementation as the servlet name.
> Having said that i could add such features to Jersey itself :-)
> after a brief look at the servlet API it looks reasonably trivial to
> do (although we do need to check if there is already any exist
> declaration in the web.xml). Could you log an enhancement?
> Paul.
> On Feb 11, 2010, at 7:34 PM, Moises Lejter wrote:
>> Hi!
>> I found out just recently that the Servlets 3.0 spec added
>> annotations (@ServletSecurity and so on) to capture security
>> constraints declaratively, rather than in the web.xml file.
>> As I understand it, though, Jersey doesn't understand this, yet, so
>> I would need to capture such constraints on web.xml, still - but
>> between @ApplicationPath and @ServletSecurity, I would not need to
>> tinker with web.xml any more...
>> Anyone know whether I am just behind the times, or what the plans
>> might be to add such support to Jersey?
>> Thank you!
>> Moises
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail: