views:

786

answers:

1

I need to secure a simple jersey RESTful API in a Tomcat 6.0.24 container. I'd like to keep the authentication with Basic Authentication using the tomcat-users.xml file to define the users and roles (this is for now, like I said its small).

Now, for authorization I'd like to be able to use the JSR 250 annotations like @RolesAllowed, @PermitAll, @DenyAll, etc.

I cannot for the life of me figure out how to wire this all up together.

I really don't want to go spring-security route, since I need something very simple at the current time.

Can someone point me in the right direction.

+4  A: 

I did a blog entry on this topic since it is quite lengthy... you can find it here: http://www.ericonjava.com/?p=325

Eric W