I was reading about it last days and I only found this:
2.11.2. Securing JAX-RS Web Services Using Annotations
- Enable role-based security.
- Add security annotations to the JAX-RS web service.
3.8.3. Security Token Service (STS)
The Security Token Service (STS) is the core of the WS-Trust specification. It is a standards-based mechanism for authentication and authorization.
But my goal is to have a single shared security configuration. I expected that Apache CXF/JBOSSWS proviedes it but I can't found anything like this.
I want a EJB approach, not a Servlet to delegate as much as possible in the JBOSS EAP server.