Affects Version/s: 2.1
Fix Version/s: ice box
Operating System: All
When @RolesAllowed is declared on an session bean that is also a resource class
and then the EJB may throw a AccessLocalException if the client is not authorized.
JAX-RS implementations should map this AccessLocalException to a 401 response.
Applications will of course need to correctly set up credentials and the sharing
of those between the web and ejb containers.
It remains an open issue how a JAX-RS implementation can obtain information to
return a WWW-Authenticate response header.