Context: I run my application on the JBoss AS7 community version. I am using the Java API for JaxRS from jboss. (Not sure if it's the same as RestEasy ?!) Here is my maven dependency
<dependency>
<groupId>org.jboss.spec.javax.ws.rs</groupId>
<artifactId>jboss-jaxrs-api_1.1_spec</artifactId>
<scope>provided</scope>
</dependency>
I am using JaxRSActivator to enable JAX-RS in an application, as shown below. In my understanding, this replaces the need to have a servlet mapping inside web.xml
@ApplicationPath("/rest")
public class JaxRsActivator extends Application {
}
I created an EJB (SSB) and exposed it as a Restful service, as shown below.
@Path("/Items")
@Stateless
@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
public class ItemMgmtServiceBean {
@GET
@Path("/{id:[0-9][0-9]*}")
@Produces("text/xml")
public Item findItem(@PathParam("id")long itemId)
The REST service above works fine on JBoss AS7. Please note that so far I have not needed to use web.xml.
Now I want to protect this service. I want to use software security inside this service to find the primary name (according to my business logic).
RestEasy , EJB.
<context-param>
<param-name>resteasy.role.based.security</param-name>
<param-value>true</param-value>
</context-param>
, web.xml, web.xml EJB.
:
-. , ?.
web.xml JaxRSActivator, ?
web.xml, JaxRSActivator?
web.xml?
.