Servlet 3.0-enabled containers allows us to skip the web.xml servlet configuration and automatically scan your code for resources and providers once you extend javax.ws.rs.core.Application
, annotate it with @ApplicationPath
and do not override the getClasses()
method. (hope I got all of that right :\)
At the moment I am using the Jersey implementation and securing resource methods using @RolesAllowed
annotations. For this I need to register the org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature
Provider class, however, the only ways I'm aware of to do this is either to:
- Register the class in the
getClasses()
method of myApplication
class (which, I think, will cause the Servlet 3.0 container NOT to auto-scan) Continue to use the web.xml Jersey servlet setup with
<init-param> <param-name>jersey.config.server.provider.classnames</param-name> <param-value>org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature</param-value> </init-param>
Now the context behind this question is that I might have to switch to using RESTeasy and if I use option 1 it adds a Jersey dependency in the code and the code is no longer generic.
How do I write my code to use security annotations while maintaining generic JAX-RS code that could be deployed to another Servlet 3.0 JAX-RS implementation?