Securing JAX-RS in a bundle

I am creating a REST service in glassfish (which uses Jersey as the JAX-RS impl.). I want to deploy my service as an OSGI bundle which works fine, I add the "Web-ContextPath:" in the manifest and then use开发者_Python百科 an annotated @javax.ws.rs.ApplicationPath application object. This all makes the service usable but then, I want to use container based security. I found I can use security contrains in a web.xml and then do the user-to-role mappings in sun-web.xml. That said, a OSGI bundle does not have either.

Is there a set of annotations and or parameters to the manifest where I can specify application roles, security constrains and role-user mappings (I think the latter can just be globally configured)?

Thanks!

Here's how I would try this:

1. Use a library that would automatically detect OSGi services with specific annotations, and translate them to REST resources. For Jersey, you could try this: https://github.com/hstaudacher/osgi-jax-rs-connector

2. Use OSGi embedded application server like jetty (or tomcat) which provides the OSGi HTTP Service implementation.

3. Configure Jetty/Tomcat. This should be easy now as the Jetty/Tomcat bundles can pick up configurations from the configuration area.

It would also save a lot of time to use Karaf which would do all the packaging related work for you, including providing features like embedded Jetty with externalized configurations, etc. But that's totally up to you.