[Jersey] Re: user/roles provider for AAA?

From: Martin Matula <>
Date: Fri, 29 Apr 2011 10:57:01 +0200

Other option is to handle it yourself and override the default
SecurityContext in the Jersey request. That way the @RolesAllowed
annotations applied to your resource methods will still work. You can
look at how this is done in the oauth-server module to do the
oauth-based authentication - see the filter() and getSecurityContext()
methods here:

On 28.4.2011 16:38, Kristian Rink wrote:
> Am Thu, 28 Apr 2011 07:26:07 -0700 (PDT)
> schrieb ljnelson<>:
>> The other thing about JACC is that your Policy ends up being the One
>> True Policy for the entire JVM, not just for your web application.
>> So you need to write a Policy that wraps another and delegates to it
>> as necessary.
> Yes, exactly this is what so far pretty much scared me off messing with
> altogether - it seems way too low-level and too
> global to actually deal with it. But if this is the only way, I guess
> there's not much to choose from... :/
> Cheers,
> Kristian