I will setup a project on GitHub, but I just read an article, https://docs.wso2.com/display/AS530/Developing+JAX-RS+Applications, that seemed to say that I need to setup a SecureAnnotationsInterceptor to get Apache CXF to honor the @Roles allowed annotation. It talks about setting up a cxf-servlet.xml file with the following configuration:
<bean id="authorizationInterceptor" class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor"> <property name="securedObject" ref="serviceBean"/> </bean> <jaxrs:server id="customerService" address="/customers"> <jaxrs:inInterceptors> <ref bean="authorizationInterceptor"/> </jaxrs:inInterceptors> <jaxrs:serviceBeans> <ref bean="serviceBean"/> </jaxrs:serviceBeans> So my question is, where would I set up this configuration in a TOMEE app? Do I just put it under the WEB-INF of the app, or does it go into one of the existing files beans.xml, open-ebj-jars.xml? Thanks in advance, Mark -- View this message in context: http://tomee-openejb.979440.n4.nabble.com/restful-web-secruity-for-TOMEE-tp4676451p4676490.html Sent from the TomEE Users mailing list archive at Nabble.com.