RE: JSR311: Servlet spec changes for security and JSR311

From: Larry Cable <>
Date: Tue, 1 Apr 2008 09:48:06 -0700

sorry -1 for any reference to JSR 299.

From: Marc Hadley
Sent: Tue 4/1/2008 9:39 AM
Subject: Re: JSR311: Servlet spec changes for security and JSR311

On Apr 1, 2008, at 12:00 PM, Bill Burke wrote:
>> To give fine-grained control we anticipate allowing use of
>> @RolesAllowed on resource classes, sub-resource methods and sub-
>> resource locators
> This is the approach that I wanted to avoid....JSR311 creating its
> own component model. EE is supposed to have an integrated platform
> and each spec seems to want to create their own component model. I
> mean, the only thing differentiating JAX-RS from EJB-lite will be
> transaction demarcation/handling.
I agree, ideally we'll be able to say that a resource class can be a
JSR 299 Web Bean and leave it at that. However that may not work out
if the various time lines don't align so instead we'll have a section
on expectations (rather than requirements) for a resource class in an
EE container and then revisit that in a maintenance review once all
the other pieces are in place. That's what I meant by "anticipate"


Marc Hadley <marc.hadley at>
CTO Office, Sun Microsystems.
To unsubscribe, e-mail:
For additional commands, e-mail:
Notice:  This email message, together with any attachments, may contain information  of  BEA Systems,  Inc.,  its subsidiaries  and  affiliated entities,  that may be confidential,  proprietary,  copyrighted  and/or legally privileged, and is intended solely for the use of the individual or entity named in this message. If you are not the intended recipient, and have received this message in error, please immediately return this by email and then delete it.