3 votes

Context: I am running my application on JBoss AS7 community version. I am using the Java API for JAX-RS from JBoss. (Not sure if it is the same as RESTEasy?!) Here is my Maven dependency:

    <dependency>
        <groupId>org.jboss.spec.javax.ws.rs</groupId>
        <artifactId>jboss-jaxrs-api_1.1_spec</artifactId>
        <scope>provided</scope>
    </dependency>

I am using a JaxRsActivator to enable JAX-RS in the application, as shown below. In my understanding this replaces the need to have a servlet mapping inside web.xml:

    import javax.ws.rs.ApplicationPath;
    import javax.ws.rs.core.Application;

    @ApplicationPath("/rest")
    public class JaxRsActivator extends Application {
        /* class body intentionally left blank */
    }

I have created an EJB (SSB) and exposed it as a RESTful service as shown below:

    import javax.ejb.*;
    import javax.ws.rs.*;

    @Path("/Items")
    @Stateless
    @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
    public class ItemMgmtServiceBean {

        @GET
        @Path("/{id:[0-9][0-9]*}")
        @Produces("text/xml")
        public Item findItem(@PathParam("id") long itemId) {
            // lookup logic omitted in the question
            throw new UnsupportedOperationException("omitted");
        }
    }

The REST service above runs perfectly on JBoss AS7. Please note that so far I have not had to use web.xml.

Now I want to secure this service. I want to use programmatic security inside this service to find the principal name (as per my business logic).

RESTEasy documentation says that I should not switch on this context-param for EJBs:

    <context-param>
        <param-name>resteasy.role.based.security</param-name>
        <param-value>true</param-value>
    </context-param>

However, it does not explain what I should use in web.xml, or whether I need to use web.xml at all for EJB-based RESTful services.

Questions:

I want to use digest authentication. What steps do I need to take to enable this?

Do I need to add a web.xml, or can I change JaxRsActivator to enable security? If I need web.xml, should I remove JaxRsActivator? What should I configure in the web.xml?

Appreciate your help.


1 Answer

0 votes

http://docs.jboss.org/resteasy/2.0.0.GA/userguide/html/Securing_JAX-RS_and_RESTeasy.html

Resteasy JAX-RS supports the @RolesAllowed, @PermitAll and @DenyAll annotations on JAX-RS methods. By default though, Resteasy does not recognize these annotations. You have to configure Resteasy to turn on role-based security by setting a context parameter. NOTE!!! Do not turn on this switch if you are using EJBs. The EJB container will provide this functionality instead of Resteasy.
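To the web.xml part of the question: as an added example, not code from the question, the answer or the RESTEasy documentation, this is a WEB-INF/web.xml that keeps the JaxRsActivator (no servlet mapping) and puts everything under /rest/* behind container-managed DIGEST authentication; the realm name ApplicationRealm and the role name item-user are assumed placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not from the question: WEB-INF/web.xml for the deployment above.
     No <servlet> or <servlet-mapping> entries are needed, the @ApplicationPath class
     still registers JAX-RS; web.xml only carries the container security settings. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

  <!-- Every request under /rest/ must be authenticated and hold the role below;
       an unauthenticated request gets a 401 with a Digest challenge, not the EJB. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>REST API</web-resource-name>
      <url-pattern>/rest/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>item-user</role-name>   <!-- assumed role name -->
    </auth-constraint>
  </security-constraint>

  <!-- DIGEST challenge; the realm name is sent in the WWW-Authenticate header and is
       part of the hash the client computes, so it must match what the server-side
       login module uses when it hashes or stores the password. -->
  <login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>ApplicationRealm</realm-name>   <!-- assumed realm name -->
  </login-config>

  <!-- Declares the role referenced by the auth-constraint above. -->
  <security-role>
    <role-name>item-user</role-name>
  </security-role>
</web-app>
```

On AS7 the deployment also needs a WEB-INF/jboss-web.xml whose <security-domain> points at a domain in standalone.xml that stores or computes the RFC 2617 password hash, since DIGEST cannot be verified by a login module that only compares plaintext passwords. Once the container has authenticated the caller, the EJB can read the name through SessionContext.getCallerPrincipal().getName() (javax.ejb), or the JAX-RS layer can inject @Context SecurityContext and call getUserPrincipal().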