users@jersey.java.net

Re: [Jersey] _at_Stateless + _at_RolesAllowed = ServletException/AccessLocalException

From: Witold Szczerba <pljosh.mail_at_gmail.com>
Date: Sat, 29 May 2010 02:15:21 +0200

2010/5/28 Paul Sandoz <Paul.Sandoz_at_sun.com>:
> Hi,
>
> This is missing from the Jersey/EJB/Servlet integration (and also from the
> JAX-RS spec). Can you log an issue?
>
> As a workaround you can register your own impl of
> ExceptionMapper<AccessLocalException> to map an  AccessLocalException  to a
> 401 response. However, i am not sure what the WWW-Authenticate response
> header should be as Jersey may not be able to access the information as to
> how the servlet security was configured.
>
> Paul.

Does it mean that JAX-RS as a session bean is not fully specified in
the 'security' area, or is it just not yet implemented?

Regards,
Witold Szczerba