Re: JAX-RS Security?

From: Marc Hadley <Marc.Hadley_at_Sun.COM>
Date: Fri, 24 Aug 2007 12:00:08 -0400

On Aug 24, 2007, at 11:45 AM, Ryan McDonough wrote:
> Sorry I'm late to the party but I've been trying to catch up on
> what has
> been going on with the development of this specification. One item I'm
> curious about is security in regards to this JSR? Is this an area
> that has
> been deemed out of scope for for the JSR, or is something that has
> not come
> up in discussions yet?
We haven't discussed security much beyond noting that its primarily
something that would typically happen before a request reaches a JSR
311 artifact. In an earlier note[1] outlining feedback Paul and I
received from an internal review I included the following:

> - Consider supporting the standard security annotations defined by
> JSR 250 and examine JSRs 196 and 115. JSR 196 offers support for
> pluggable authentication and JSR 115 for authorization. JSR 115 may
> need a revision to accommodate the more flexible URI patterns
> supported by @UriTemplate.

So I wouldn't say that security is out-of-scope for this JSR but
equally I don't think we should be re-inventing any wheels either.



Marc Hadley <marc.hadley at>
CTO Office, Sun Microsystems.