Custom HTTP status response with JAX-RS (Jersey) and @RolesAllowed

Question

With my very simple JAX-RS service I\'m using Tomcat with JDBC realm for authentication, therefore I\'m working the the JSR 250 annotations.

The thing is that I want

Answer 1

REST is build upon HTTP so you don't have to change the default behavior of an authentication failure. Having a 403 error when accessing a resource is enough for the client to clearly understand what appends.

The more your resources are HTTP compliant, the more others can understand it.