users@jersey.java.net

[Jersey] Re: user/roles provider for AAA?

From: Martin Matula <martin.matula_at_oracle.com>
Date: Fri, 29 Apr 2011 10:57:01 +0200

Another option is to handle it yourself and override the default
SecurityContext in the Jersey request. That way the @RolesAllowed
annotations applied to your resource methods will still work. You can
look at how this is done in the oauth-server module to do the
oauth-based authentication - see the filter() and getSecurityContext()
methods here:
http://java.net/projects/jersey/sources/svn/content/trunk/jersey/contribs/jersey-oauth/oauth-server/src/main/java/com/sun/jersey/oauth/server/api/OAuthServerFilter.java?rev=4895
Martin

On 28.4.2011 16:38, Kristian Rink wrote:
> On Thu, 28 Apr 2011 07:26:07 -0700 (PDT),
> ljnelson <ljnelson_at_gmail.com> wrote:
>
>> The other thing about JACC is that your Policy ends up being the One
>> True Policy for the entire JVM, not just for your web application.
>> So you need to write a Policy that wraps another and delegates to it
>> as necessary.
> Yes, exactly this is what so far pretty much scared me off messing with
> java.security.Policy altogether - it seems way too low-level and too
> global to actually deal with it. But if this is the only way, I guess
> there's not much to choose from... :/
>
> Cheers,
> Kristian
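
The approach described in the message above (override the SecurityContext in a request filter so that @RolesAllowed keeps working), as an added example that is not part of the original thread and is not the oauth-server module's code. It assumes the Jersey 1.x filter API and Java 8; RoleProviderFilter, UserRoleProvider and the realm name are hypothetical names chosen for illustration.

```java
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Base64;
import java.util.Set;

// Hypothetical filter, not Jersey's own code: Basic auth, then swap the SecurityContext.
public class RoleProviderFilter implements ContainerRequestFilter {
    /** Hypothetical user/roles lookup: returns the roles, or null when the credentials are rejected. */
    public interface UserRoleProvider { Set<String> authenticate(String user, String password); }
    private final UserRoleProvider provider;
    public RoleProviderFilter(UserRoleProvider provider) { this.provider = provider; }

    @Override
    public ContainerRequest filter(ContainerRequest request) {
        String header = request.getHeaderValue(HttpHeaders.AUTHORIZATION);
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) throw unauthorized();
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(header.substring(6).trim()), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformedBase64) {
            throw unauthorized();
        }
        int colon = decoded.indexOf(':');
        if (colon < 0) throw unauthorized();
        final String user = decoded.substring(0, colon);
        final Set<String> roles = provider.authenticate(user, decoded.substring(colon + 1));
        if (roles == null) throw unauthorized();   // fail closed: no context, no access
        final boolean secure = request.isSecure();
        // From here on, @RolesAllowed checks are answered by isUserInRole() below.
        request.setSecurityContext(new SecurityContext() {
            public Principal getUserPrincipal() { return () -> user; }
            public boolean isUserInRole(String role) { return roles.contains(role); }
            public boolean isSecure() { return secure; }
            public String getAuthenticationScheme() { return SecurityContext.BASIC_AUTH; }
        });
        return request;
    }

    private static WebApplicationException unauthorized() {
        return new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED)
                .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"example\"").build());
    }
}
```

@RolesAllowed is only enforced when Jersey's RolesAllowedResourceFilterFactory is also registered as a resource filter factory. Basic credentials are sent on every request, so this filter belongs behind TLS.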