My initial thought was to use isUserInRole interface regardless how the user/role relationship was defined. Actually the call for isUserInRole must have the ability for an extension, so the users could override it with the specific behavior (most applications that I know, provide their own authorization mechanism, so we should be able to integrate)
Btw, I think that web.xml contains the roles definitions, while user/role relationships are defined in container. On Tue, Jul 14, 2009 at 5:58 PM, Nicholas L Gallardo <[email protected]>wrote: > Does the web.xml have stanzas for defining user/role relationships? Or > would this have to come from some other config? > > > > Nicholas Gallardo > WebSphere - REST & WebServices Development > [email protected] > Phone: 512-286-6258 > Building: 903 / 5G-016 > [image: Inactive hide details for Michael Elman <[email protected]>]Michael > Elman <[email protected]> > > > > *Michael Elman <[email protected]>* > > 07/14/2009 09:55 AM > Please respond to > [email protected] > > > To > > [email protected] > cc > > > Subject > > Re: Using @RolesAllowed for Role Based Access Control > > We have plans to support the security annotations from JSR 250. But we > didn't discuss it yet. > > On Tue, Jul 14, 2009 at 4:58 PM, Jain, Shashank > Mohan<[email protected]> wrote: > > Do we have support Role Based Access Control for different Restful > endpoints. > > Regards > > Shashank > >
