This topic has not yet been written. The content below is from the topic description.
Chapter 36. Securing JAX-RS and RESTeasy Because Resteasy is deployed as a servlet, you must use standard web.xml constraints to enable authentication and authorization. Unfortunately, web.xml constraints do not mesh very well with JAX-RS in some situations. The problem is that web.xml URL pattern matching is very very limited. URL patterns in web.xml only support simple wildcards, so JAX-RS resources like: /{pathparam1}/foo/bar/{pathparam2} Cannot be mapped as a web.xml URL pattern like: /*/foo/bar/* To get around this problem you will need to use the security annotations defined below on your JAX-RS methods. You will still need to set up some general security constraint elements in web.xml to turn on authentication. Resteasy JAX-RS supports the @RolesAllowed, @PermitAll and @DenyAll annotations on JAX-RS methods.