Re: [jakarta.ee-community] Is Jakarta EE Security missing something?
Hi Arjan,
thanks for your clarifications.
Just to get a better understanding: The annotation
@OpenIdAuthenticationMechanismDefinition in Jakarta EE is just a
specification and Soteria is the concrete implementation - right?
And the @OpenIdAuthenticationMechanismDefinition only defines a
browser based login process as for example the FormBased
authentication does - right?
So when I use this annotation in WildFly or in Payara then
Soteria is responsible to react to this. Which means that when I
open a protected web resource I will be redirected to the IP
first. But when I call my protected REST API from an external
service I will also be redirected - but this does not help me when
I am in a server process. Can you confirm this understanding?
regards
Ralph
On 23.04.25 21:48, Arjan Tijms wrote:
Hi,
I guess your answer in this forum will be that Jakarta
EE is just a specification and if I need such a feature
I can implement my own jaspi login module. But can that
really be true? Not every developer writes his own jaspi
Login module.
Certainly not. Just to get terminology right, we never
had jaspi login modules. We did support the JAAS LoginModule
(javax.security.auth.spi.LoginModule) via the bridge
profile, but this was never a good match really.
For Jakarta Security we don't use this bridge profile.
Authentication Mechanisms in Jakarta Security use identity
stores
(jakarta.security.enterprise.identitystore.IdentityStore).
Also, the name jaspi doesn't exist anymore (there's a
question whether it ever existed). For some time now it has been
Jakarta Authentication.
Jakarta Security depends on Jakarta Authentication by
installing a ServerAuthModule that delegates to an
HttpAuthenticationMechanism
(jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism).
This is what @OpenIdAuthenticationMechanismDefinition in
turn is based on.
Kind regards,
Arjan Tijms
I myself shy away from it, because I expect that I
will very quickly reach a point where I am no longer
platform independent.
Can anyone help me with this question? Or am I missing
an important concept of Jakarta EE all the time?
I have already written issues about this at WildFly and
Soteria and on Stack Overflow. But somehow the community
is silent on this topic.
Thanks for your help in advance
===
Ralph
--
Imixs
Software Solutions GmbH
Web: www.imixs.com
Phone: +49 (0)89-452136 16
Timezone: Europe/Berlin - CET/CEST
Office: Frei-Otto-Str. 4, 80797 München
Register court: Amtsgericht München, HRB 136045
Managing directors: Gaby Heinle and Ralph Soika
Imixs is an open source company, read more: www.imixs.org
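The chain named in the quoted reply (an HttpAuthenticationMechanism that hands credentials to an IdentityStore), shown as an added example that is not part of the original thread and not Soteria's or any server's code: a header-token mechanism that answers a non-browser caller with 401 rather than a redirect. The class names, caller name, group and sample token are hypothetical; it assumes the Jakarta Security 3.0 API, Java 17, and that this is the only authentication mechanism in the deployment.

```java
// Added example; ApiTokenCredential, ApiTokenStore and ApiTokenMechanism are hypothetical names.
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.security.enterprise.AuthenticationException;
import jakarta.security.enterprise.AuthenticationStatus;
import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import jakarta.security.enterprise.credential.Credential;
import jakarta.security.enterprise.identitystore.CredentialValidationResult;
import jakarta.security.enterprise.identitystore.IdentityStore;
import jakarta.security.enterprise.identitystore.IdentityStoreHandler;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Set;

record ApiTokenCredential(String token) implements Credential {}

@ApplicationScoped
class ApiTokenStore implements IdentityStore {
    // Constructed sample secret; a real store would look up a hashed token per client.
    private static final byte[] SAMPLE = "constructed-sample-token".getBytes(StandardCharsets.UTF_8);
    @Override
    public CredentialValidationResult validate(Credential credential) {
        if (!(credential instanceof ApiTokenCredential c)) return CredentialValidationResult.NOT_VALIDATED_RESULT;
        // MessageDigest.isEqual compares in constant time, so timing does not leak a prefix match.
        boolean ok = MessageDigest.isEqual(SAMPLE, c.token().getBytes(StandardCharsets.UTF_8));
        return ok ? new CredentialValidationResult("batch-client", Set.of("api-caller"))
                  : CredentialValidationResult.INVALID_RESULT;
    }
}

@ApplicationScoped
class ApiTokenMechanism implements HttpAuthenticationMechanism {
    @Inject IdentityStoreHandler stores; // dispatches to every enabled IdentityStore
    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest req, HttpServletResponse res,
            HttpMessageContext ctx) throws AuthenticationException {
        String h = req.getHeader("Authorization");
        if (h != null && h.regionMatches(true, 0, "Bearer ", 0, 7)) {
            CredentialValidationResult r = stores.validate(new ApiTokenCredential(h.substring(7).trim()));
            return r.getStatus() == CredentialValidationResult.Status.VALID
                    ? ctx.notifyContainerAboutLogin(r) : ctx.responseUnauthorized();
        }
        // No token: protected resources get 401, never a browser-style redirect.
        return ctx.isProtected() ? ctx.responseUnauthorized() : ctx.doNothing();
    }
}
```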