According to the JBoss 7.1 Enterprise Edition, @RolesAllowed is not advised in the Resource's method, if RESTful services use EJB.
Do not activate role-based security if the application uses EJBs. The EJB container will provide the functionality, instead of RESTEasy.
I am confused about the above statement. My application is built with a JAX-RS layer and an EJB layer. I am resolving the role in the implementation of the SecurityContext isUserInRole(String role) method. My web.xml is empty. Does it mean I am not allowed to use @RolesAllowed on my Resource's method because my REST services use EJB under the hood?
No, and @RolesAllowed does not invoke the SecurityContext isUserInRole(String role) method.
Therefore, creating a @NameBinding annotation-based filter to handle the permission via SecurityContext isUserInRole(String role) is the best way to go.
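The name-bound filter the answer describes, as an added example (not code from the original post or from RESTEasy). It assumes JAX-RS 2.0 (`javax.ws.rs`) and that an earlier filter at `Priorities.AUTHENTICATION` has installed the custom SecurityContext; `RequiresRole`, `RequiresRoleFilter` and `OrderResource` are hypothetical names.

```java
// Added example. Each public type goes in its own source file; imports are listed once.
import java.io.IOException;
import java.lang.annotation.*;
import javax.annotation.Priority;
import javax.ws.rs.*;
import javax.ws.rs.container.*;
import javax.ws.rs.core.*;
import javax.ws.rs.ext.Provider;

// --- RequiresRole.java (hypothetical annotation) ---
@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface RequiresRole {
    String[] value() default {};   // any one of these roles grants access
}

// --- RequiresRoleFilter.java: runs only for resources carrying @RequiresRole ---
@Provider
@RequiresRole
@Priority(Priorities.AUTHORIZATION)   // after the authentication filter
public class RequiresRoleFilter implements ContainerRequestFilter {
    @Context
    private ResourceInfo resourceInfo;

    @Override
    public void filter(ContainerRequestContext ctx) throws IOException {
        // A method-level annotation overrides a class-level one.
        RequiresRole rule = resourceInfo.getResourceMethod().getAnnotation(RequiresRole.class);
        if (rule == null) {
            rule = resourceInfo.getResourceClass().getAnnotation(RequiresRole.class);
        }
        SecurityContext sc = ctx.getSecurityContext();
        if (sc == null || sc.getUserPrincipal() == null) {
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }
        if (rule != null) {
            for (String role : rule.value()) {
                if (sc.isUserInRole(role)) return;   // calls the custom SecurityContext
            }
        }
        // Fail closed: no rule found, empty role list, or no matching role.
        ctx.abortWith(Response.status(Response.Status.FORBIDDEN).build());
    }
}

// --- OrderResource.java (hypothetical resource) ---
@Path("/orders")
public class OrderResource {
    @GET
    @RequiresRole({"admin", "auditor"})
    public Response list() { return Response.ok().build(); }
}
```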