Hi, I'm trying to verify that we're properly supporting all the
javax.annotation.security annotations. Based on my "interpretation" of the
pertinent specs, this is what I've found relative to what application type
should support what annotations. If anyone sees anything obviously wrong with my
interpretation(s) please let me know (especially if I've missed anything
obvious). Thanks much
EJB security annotations:
@DeclareRoles
@RolesAllowed
@PermitAll
@DenyAll
@RunAs
Servlet security annotations
@DeclareRoles
@RunAs (not exactly sure why, but presumably to propagate a security
context/identity from a Web container to an EJB container and possibly
for web service endpoints implemented as servlets)
--
Thanks,
Tim McConnell
