users@jersey.java.net

[Jersey] Re: user/roles provider for AAA?

From: Kristian Rink <kawazu428_at_googlemail.com>
Date: Thu, 28 Apr 2011 16:56:29 +0200

Am Thu, 28 Apr 2011 06:29:06 -0700 (PDT)
schrieb ljnelson <ljnelson_at_gmail.com>:
> Start the whole JACC mess with implementing a java.security.Policy.
> You'll want to override the implies() method. Once you've got that,
> then start reading about JACC.

As another thought, couldn't I somehow make use of JAAS and map JAAS
principals to (application specific) roles for use with @RolesAllowed
in some way? I know dealing with JAAS also is painful at times but at
least it seems less "invasive" than messing with java.security.Policy,
and it seems a bit more well-documented...

Cheers,
Kristian