Re: [jakarta.ee-community] [jakartaee-ambassadors] Re: Jakarta EE Backlo

[Andy McCright <j.andrew.mccright@xxxxxxxxx>]

> Is JAX-RS going to require CDI? I'm not sure that's a good idea. Some frameworks use those annotations without any DI. 

Yes, the plan is for JAX-RS to require CDI.  See https://github.com/eclipse-ee4j/jaxrs-api/wiki/Roadmap

JAX-RS 3.1 - PLANNED - (Q2 or Q3 2020) - Java SE Bootstrap API. Deprecating @Context: Implementors MUST provide CDI; applications MAY use CDI....

and

JAX-RS 4.0 - PLANNED (2021) - Removing @Context: Applications MUST use CDI

Can you elaborate on the drawbacks to using CDI?  The footprint (in general) should not increase since JAX-RS has its own DI framework - it's this framework that causes conflicts and increased footprint in environments where both JAX-RS and CDI are used.  By removing JAX-RS's DI framework and delegating injection to CDI, this should reduce footprint and complexity - both for vendors and users.

Thanks, 

Andy  

On Fri, Jun 19, 2020 at 12:26 PM arjan tijms <arjan.tijms@xxxxxxxxx> wrote:

Hi,

On Fri, Jun 19, 2020 at 5:53 PM Werner Keil <werner.keil@xxxxxxxxx> wrote:

Isn't there a @RolesAllowed in Jakarta Security and the idea would be to deprecate it in Jakarta REST in favor of that?

If Security needed a little more modularity or a "light" module where Authentication or Authorization may not always be required, I guess that is also something to explore.

Both Authentication and Authorization are very small SPIs, and they are exactly meant for vendors to implement a few things of so that Jakarta Security works on whatever environment. Something like say MP JWT takes about the same to implement from scratch as Jakarta Authentication or Authorization (I know, since I implemented all three ;)).

Kind regards, 

Arjan Tijms

 

_______________________________________________
jakarta.ee-community mailing list
jakarta.ee-community@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jakarta.ee-community