On Mon, Dec 13, 2010 at 10:35 AM, Bram de Kruijff <bdekruijff at gmail.com> wrote: > Hi Ivo, > > So somethiung allong the lines of.. > > GET /test HTTP/1.1 > 1) web container sets up security realm > 2) web container identifies principal > 3) web container checks configured security constraints > 4) rest container checks declared allowed roles against principal (optional) > 5) rest container invokes service (or not)
Just noticed Karaf has a working JAAS implementation. You may wanna look into that one: http://karaf.apache.org/45-security-framework.html grz Bram
