On Jun 1, 2010, at 10:59 PM, Christopher Piggott wrote:
> If no roles match your resource methods marked @RolesAllowed what is
> supposed to happen? I get a blank result, but no real indication that
> it failed because of a permissions problem.
If the authenticated user is not n any of the roles declared by
@RolesAllowed then a 403 (Forbidden) response is returned.
What app/web server and client are you using?
Jersey does not include an entity in such a response so that the
developer can use an exception mapper or servlet error mapping to
customize.
Paul.