On Mar 25, 2010, at 7:49 PM, Ersin Er wrote:
> It's already provided in standard application servers (via the EJB
> container I guess). They can be provided by any means in fact, for
> example by Spring Security. They don't have much to do with JAX-RS.
>
Right, if you were using EJBs as resource classes it is already
supported.
Otherwise, if you are just using POJOs as resource classes the filter
is required.
I cannot recall if @RolesAllowed is supported on CDI managed beans.
Paul.
> On Thu, Mar 25, 2010 at 19:49, Moises Lejter <moilejter_at_gmail.com>
> wrote:
> Hmm - I don't remember having to set up such a filter, when I played
> around with @RolesAllowed on a JAX-RS resource deployed onto
> GlassFish...
>
> Is this filter only needed on non-JavaEE6 containers? (And if so,
> would you mind sharing how it figures things out automatically on
> GF, but not on Tomcat? I'm just curious :-) )
>
> Moises
>
> On Mar 25, 2010, at 4:42 AM, Paul Sandoz wrote:
>
> > To enable the use of @RolesAllowed on say tomcat you need to
> declare the following request filter:
> >
> > https://jersey.dev.java.net/nonav/apidocs/latest/jersey/com/sun/jersey/api/container/filter/RolesAllowedResourceFilterFactory.html
> >
> > in your web.xml.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>
>
>
>
> --
> Ersin ER
> http://www.ersiner.net