IMHO, when I'm using @RolesAllowed (JSR 250) for a managed bean having annotations due to CDI 1.0, then @RolesAllowed isn't applied to check authorization. However, using @RolesAllowed for a session bean (EJB 3.x), then authorization is checked. Therefore, my question is whether @RolesAllowed will be considered in CDI 1.1 (or Weld 2.x).
I guess DeltaSpike will provide a security mechanism similiar to Seam Security.
|Retrieving data ...|