I need to secure a simple jersey RESTful API in a Tomcat 6.0.24 container. I'd like to keep the authentication with Basic Authentication using the tomcat-users.xml file to define the users and roles (this is for now, like I said its small).
Now, for authorization I'd like to be able to use the JSR 250 annotations like @RolesAllowed, @PermitAll, @DenyAll, etc.
I cannot for the life of me figure out how to wire this all up together.
I really don't want to go spring-security route, since I need something very simple at the current time.
Can someone point me in the right direction.
In short, how best to wire up a simple security mechanism for:
JSR 250 Annotations such as @RolesAllowed.