Re: [es-dev] app-securitycontext TCK test

Hi,

On Tue, Aug 16, 2022 at 12:56 PM Ondro Mihályi <mihalyi@xxxxxxxxxxx> wrote:
  • The Javadoc for SecurityContext.hasAccessToWebResource() contains the following in the documentation of the resource argument: "For a full specification of this pattern see WebResourcePermission(String, String)". I know this isn't in the docs for the methods argument, but WebResourcePermission includes not only resource pattern but also actions (http methods). So I'd assume that the documentation of WebResourcePermission is relevant also for the methods argument.
That's correct. A goal for the design of the Jakarta Security spec at the time (after exploring several alternatives) was to piggyback as much as possible on behaviour specified in the existing security-related specifications (or security-related sections of other specifications such as Servlet). This was done to reduce effort, keep the Jakarta Security spec small, and to "automatically" align with those other specifications.

Not explicitly mentioning the "methods" argument is indeed an omission. It was in some early draft of the javadoc, but along the way it has magically disappeared (probably my mistake when I copied it over from the try-out repos I had).

So to clarify: indeed, "String... methods" from "jakarta.security.enterprise.SecurityContext.hasAccessToWebResource()" should map to "String[] HTTPMethods", which is the 2nd parameter in "jakarta.security.jacc.WebResourcePermission.WebResourcePermission(String, String[])".

Kind regards,
Arjan Tijms
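
The mapping described in the message above, as an added example that is not part of the original e-mail or of any Jakarta Security implementation. It assumes the Jakarta Authorization and Servlet API jars are on the classpath; the class name, the helper `toPermission`, the paths and the granted permission are constructed for illustration.

```java
import jakarta.security.jacc.WebResourcePermission;

public class MethodsMappingExample {

    // Hypothetical helper: builds the permission that a call such as
    // securityContext.hasAccessToWebResource(resource, methods) would be
    // checked against, assuming the varargs are passed straight through as
    // the String[] HTTPMethods parameter, as the reply describes.
    static WebResourcePermission toPermission(String resource, String... methods) {
        return new WebResourcePermission(resource, methods);
    }

    public static void main(String[] args) {
        // Constructed sample: what a policy grants to the caller.
        WebResourcePermission granted =
                new WebResourcePermission("/protected/*", "GET,POST");

        // One method, covered by the grant.
        WebResourcePermission get = toPermission("/protected/servlet", "GET");
        // One method, not covered by the grant.
        WebResourcePermission delete = toPermission("/protected/servlet", "DELETE");
        // Several methods: every one of them must be covered by the grant.
        WebResourcePermission getAndDelete =
                toPermission("/protected/servlet", "GET", "DELETE");
        // No methods: an empty (or null) HTTPMethods array stands for ALL
        // HTTP methods, so this asks for more than the grant covers.
        WebResourcePermission allMethods = toPermission("/protected/servlet");

        System.out.println("GET implied:        " + granted.implies(get));
        System.out.println("DELETE implied:     " + granted.implies(delete));
        System.out.println("GET+DELETE implied: " + granted.implies(getAndDelete));
        System.out.println("all methods implied: " + granted.implies(allMethods));

        // The String[] form and the comma-separated String form name the
        // same permission, which is why the WebResourcePermission(String,
        // String) documentation also applies to the methods argument.
        WebResourcePermission arrayForm =
                new WebResourcePermission("/protected/servlet",
                        new String[] {"POST", "GET"});
        WebResourcePermission stringForm =
                new WebResourcePermission("/protected/servlet", "GET,POST");
        System.out.println("forms equal: " + arrayForm.equals(stringForm));
        System.out.println("canonical actions: " + arrayForm.getActions());
    }
}
```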






 
