Here is my use case.

I develop one API jar which I can use for server and client part to request my JAX-RS services. This contains interfaces with @Path and other javax.ws.rs annotations.
On the server part I have the concrete implementation of those interfaces.
There, I want to develop a specific security Filter using the PreProcessInterceptor and AcceptedByMethod technics to handle specific home brewed annotations on methods I want to protect.

My problem is that the AcceptedByMethod.accept and PreProcessInterceptor.preProcess receive the declaring method (the one which is annotated with @Path I suppose) and not the real one, the one that will be invoked a bit after, the one of the "target" Object in ResourceMethod.invokeOnTarget(request, response, target).

Example :

That's my interface in api.jar :

@Path("/api')
public interface RestService {
  @GET
  @Path
  public void compute() throws Exception;
}

That's my implementation in my server.war :

public class RestServiceImpl implements RestService {
  @AllowedRole(RoleType.ADMIN)
  public void compute() {
    // do the job
  }
}

My SecurityInterceptor will receive RestService.compute in ResourceMethod.getMethod() for preProcess(HttpRequest, ResourceMethod), and not RestServiceImpl.compute, so I can't retreive the @AllowedRole on that method in order to handle security...