JAX-RS and custom authorization

Question

I\'m trying to secure the JAX-RS endpoint and am currently trying to figure out how the authentication and authorization work. Most examples are quite simple as they only piggyb

Answer 1

Disclaimer: Don't role your own security framework unless you really, really, really, need one.

Look at what the OAuth filter in Jersey does. It reads the Authorization header which holds credentials in a different format than those normally understood (HTTP Basic). It'll turn those credentials into roles which you can then use to implement security (@RolesAllowed) if you add in the Roles Allowed Filter which does the actually enforcement. Try looking at how those filters work.