Re: JSR311: Servlet spec changes for security and JSR311

From: Marc Hadley <Marc.Hadley_at_Sun.COM>
Date: Tue, 01 Apr 2008 12:39:13 -0400

On Apr 1, 2008, at 12:00 PM, Bill Burke wrote:
>> To give fine-grained control we anticipate allowing use of
>> @RolesAllowed on resource classes, sub-resource methods and sub-
>> resource locators
> This is the approach that I wanted to avoid....JSR311 creating its
> own component model. EE is supposed to have an integrated platform
> and each spec seems to want to create their own component model. I
> mean, the only thing differentiating JAX-RS from EJB-lite will be
> transaction demarcation/handling.
I agree, ideally we'll be able to say that a resource class can be a
JSR 299 Web Bean and leave it at that. However that may not work out
if the various time lines don't align so instead we'll have a section
on expectations (rather than requirements) for a resource class in an
EE container and then revisit that in a maintenance review once all
the other pieces are in place. That's what I meant by "anticipate"


Marc Hadley <marc.hadley at>
CTO Office, Sun Microsystems.