[Jersey] user/roles provider for AAA?

From: Kristian Rink <>
Date: Thu, 28 Apr 2011 15:07:59 +0200


being through deploying a bunch of REST services using
Jersey/Glassfish 3.1 with an apache2 in front of this mess, I am now
into dealing with authentication, authorization, this kind of stuff.
At the moment I am using .htaccess inside the apache2, but somehow I
think making use of facilities provided by Glassfish/Jersey in order to
get things secured. More accurately, I would like to...

- ... set up my applications to enforce (by now) basic HTTP
  authentication _anytime_ any of the REST resources is being accessed,

- ... use @RolesAllowed in order to outline which methods might be used
  by which user in which way.

So far, so good. However, the only documentation I so far found is
about either defining roles and users in web.xml or setting up a
container-sided JAAS (Jdbc, ...) realm for fetching user information.
Both, however, is not what I want / need / can make use of as, in our
environment, user/role information are to be provided by a legacy
backend which just can be reached through a bunch of obscure glue code.

So to ask: Is there any straightforward documentation on how to provide
custom data access services / authenticators to make Glassfish/Jersey
authentication / roles resolution make use of our custom user structure?

TIA and all the best,