Re: doubt about the web.xml

Guillermo González de Agüero

Hi Daniel,

The @RolesAllowed annotation is not defined by JSR 375 and there was sadly not enough time to better integrate with it or provide a better alternative.

For now, @RolesAllowed are only portable on EJB components, although some servers such as Payara support them on any CDI bean AFAIK. The simpler way to use it is to annotate your resources @Stateless, or creating an interceptor and a CDI extension to tranform @RolesAllowed into an interceptor binding annotation.

Creating such extensions was greatly simplified on CDI 2.0.

El mié., 29 ago. 2018 16:12, Daniel Dias <daniel.dias.analistati@...> escribió:
Hello, Rudy, 

was what I choosed, but when I use with Jax-RS the same does not work.

was what I thought of, but when I use it with Jax-RS it will not work when I remove the web.xml and add the annotation @RolesAllowed ({USER, ADMIN}) as shown in this section:

Daniel Dias dos Santos
Java Developer
SouJava & JCP Member

Em qua, 29 de ago de 2018 às 02:14, Rudy De Busscher <rdebusscher@...> escreveu:
Hi Daniel,

web.xml is optional. The Java EE Security API spec didn't change that.

You can define for example the roles and security constraints for URLs within the web.xml, but also with annotations within code.


Join to automatically receive all group messages.