Re: JSR311: Issue 18: XML Descriptor

From: Bill Burke <>
Date: Fri, 27 Jun 2008 07:47:24 -0400

The only reason I want an XML Descriptor is for security. Even though
our implementation uses Servlet as a default deployment model, I can't
use Servlet security in all situations because their URL expressions are
so limited. For instance the pattern cannot be matched using servlet
URL expressions:


You can't do:

*/a/b as the servlet container will just assume /*

Then of course you can't limit by media type as well.

Maybe you guys can lobby the Servlet 3.0 spec to get this changed?


Paul Sandoz wrote:
> On Jun 26, 2008, at 7:04 PM, Marc Hadley wrote:
>> What are folks use cases and requirements (if any) for an XML
>> descriptor in:
>> (a) A non-EE environment
>> (b) An EE environment
>> Do folks think we need something like the EJB metadata-complete
>> facility to make a runtime ignore all JAX-RS annotations ?
>> I'm struggling a bit since I think most RESTful services would need to
>> use JAX-RS facilities like Response, UriInfo etc and, beyond some
>> simple overriding (perhaps turning a method off or adding a media type
>> to the list of supported ones), I find it hard to imagine a realistic
>> scenario that would require specifying everything in XML metadata
>> rather than simply using annotations.
> Same here.
> From an ease of use perspective using XML descriptors is taking a big
> step backwards.
> Also i am not sure what the plans are for "EJB light" in EE 6 and the
> relation with WebBeans so perhaps we cannot answer everything until we
> know more?
> Paul.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Bill Burke
JBoss, a division of Red Hat