Hi,
Do we need to declare a jax-rs resource class as
EJB to have the role based security???
I was going through the question from enthuware and encountered the following question:
There is a RESTful Web Service that adds two numbers. We want to secure this Web Service in order to only allow users in the role "student". What is the correct JAX-RS root resource class to implement this requirement? Assume that there is a security constraint in the web deployment descriptor that allows "student" and "teacher" to access the URL.
and the correct answer for this was:
@ApplicationPath("jax")
@Path("rs")
@Stateless
@RolesAllowed("student")
public class AdditionService extends Application {
@GET
@Path("/add/{num1}/{num2}")
public
String addp(@PathParam("num1") int num, @PathParam("num2") int num2){
return "" + (num+num2); }
}
the option that i selected was wrong and it showed explanation: "Note that the root resource class is not an EJB, therefore role-based security does not work".
i tried to search through internet to find if it is necessary to have declared it as ejb but couldn't find anything concrete. Please anyone verify this or provide some link for this.
Regards,
bkthakur