Re: JSR311: Servlet spec changes for security and JSR311

From: Marc Hadley <Marc.Hadley_at_Sun.COM>
Date: Tue, 01 Apr 2008 14:12:00 -0400

On Apr 1, 2008, at 12:48 PM, Larry Cable wrote:
> sorry -1 for any reference to JSR 299.
Lets save that discussion for another time, I'm not planning to add a
reference right now.


> From: Marc Hadley
> Sent: Tue 4/1/2008 9:39 AM
> To:
> Subject: Re: JSR311: Servlet spec changes for security and JSR311
> On Apr 1, 2008, at 12:00 PM, Bill Burke wrote:
> >>>
> >> To give fine-grained control we anticipate allowing use of
> >> @RolesAllowed on resource classes, sub-resource methods and sub-
> >> resource locators
> >
> > This is the approach that I wanted to avoid....JSR311 creating its
> > own component model. EE is supposed to have an integrated platform
> > and each spec seems to want to create their own component model. I
> > mean, the only thing differentiating JAX-RS from EJB-lite will be
> > transaction demarcation/handling.
> >
> I agree, ideally we'll be able to say that a resource class can be a
> JSR 299 Web Bean and leave it at that. However that may not work out
> if the various time lines don't align so instead we'll have a section
> on expectations (rather than requirements) for a resource class in an
> EE container and then revisit that in a maintenance review once all
> the other pieces are in place. That's what I meant by "anticipate"
> above.
> Marc.
> ---
> Marc Hadley <marc.hadley at>
> CTO Office, Sun Microsystems.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:
> Notice: This email message, together with any attachments, may
> contain information of BEA Systems, Inc., its subsidiaries and
> affiliated entities, that may be confidential, proprietary,
> copyrighted and/or legally privileged, and is intended solely for
> the use of the individual or entity named in this message. If you
> are not the intended recipient, and have received this message in
> error, please immediately return this by email and then delete it.

Marc Hadley <marc.hadley at>
CTO Office, Sun Microsystems.