Type: New Feature
Generally speaking, the existing authorization annotations in Java EE (@RolesAllowed, @RunAs, etc.) are very simple, elegant and sufficient for most use cases. For more complex cases, one needs to rely on programmatic authorization and perhaps write a CDI interceptor. In addition to these options, it would be very helpful to have an authorization annotation that evaluates EL to be used in the cases between the very simple and having to write a CDI interceptor. This annotation could have some specialized EL features such as access to the principal name, role checking, authentication checking and so on. Perhaps some examples are best to illustrate the concept:
@EvaluateSecured("principalName == 'Reza'")
Do let me know if anything needs to be explained further - I am happy to help.
Please note that these are purely my personal views and certainly not Oracle's as a company.
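For comparison, this is roughly the CDI interceptor an application has to write today to get the behaviour requested above. It is an added sketch, not code from the issue or from any Java EE specification: @EvaluateSecured and EvaluateSecuredInterceptor are hypothetical names, and it assumes Java EE 7 (CDI 1.1, Interceptors 1.2, EL 3.0) and exposes only principalName to the expression.

```java
// Added example: hypothetical types. In a real project each one is public and in its own file.
import java.lang.annotation.*;
import java.security.Principal;
import javax.annotation.Priority;
import javax.el.ELProcessor;
import javax.enterprise.util.Nonbinding;
import javax.inject.Inject;
import javax.interceptor.*;

@Inherited
@InterceptorBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
@interface EvaluateSecured {
    // EL expression. Must be a constant written by the developer: building it
    // from request data would allow EL injection.
    @Nonbinding String value();
}

@Interceptor
@EvaluateSecured("")
@Priority(Interceptor.Priority.APPLICATION)
class EvaluateSecuredInterceptor {

    @Inject
    private Principal principal; // CDI built-in bean for the current caller

    @AroundInvoke
    public Object authorize(InvocationContext ctx) throws Exception {
        // A method-level rule overrides a class-level rule.
        EvaluateSecured rule = ctx.getMethod().getAnnotation(EvaluateSecured.class);
        if (rule == null) {
            rule = ctx.getMethod().getDeclaringClass().getAnnotation(EvaluateSecured.class);
        }
        Object allowed = Boolean.FALSE;
        if (rule != null) {
            ELProcessor el = new ELProcessor();
            el.defineBean("principalName", principal == null ? null : principal.getName());
            try {
                allowed = el.eval(rule.value()); // e.g. principalName == 'Reza'
            } catch (RuntimeException e) {
                allowed = Boolean.FALSE; // fail closed on a malformed expression
            }
        }
        if (!Boolean.TRUE.equals(allowed)) { // anything other than Boolean true denies
            throw new SecurityException("Access denied by @EvaluateSecured");
        }
        return ctx.proceed();
    }
}
```

The name an unauthenticated caller's Principal reports is container-specific, so a rule should compare against expected names rather than test for null.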