First if this is
a road people wanted to go down then it
would first have to be deprecated from
Web profile as it is a major breaking
change so Jakarta EE 11 is too soon.
It would be deprecated in EE 11 indeed, not
yet removed as a requirement for that profile.
Second there
isn’t currently a CDI mechanism for
doing every thing that is done with
EJB-lite. Therefore I think we need to
have CDI equivalents for capabilities of
Session beans. These could be spread
between different specifications e.g.
@Pooled into concurrency.
Indeed, there's a handful of features /
services not readily available yet. Reza Rahman
enumerated them all the way back in 2012, and
that list can still be used as a tracker.
Essentially this one at the time was created in
response of Reza's list:
https://github.com/omnifaces/omniservices
It indeed contains the @Pooled. After 9 years
(7 since commit) it could be updated a little
bit, but not that much as the underlying CDI
APIs didn't change much. That one can be used as
a prototype.
Both these could be used as a starting point
to define a spec based version on.
Finally use of
the @RunAs, @RolesAllowed etc. needs to
be normalised across specs to ensure
behaviour would be equivalent on a CDI
bean as it would be on an EJB in all
specifications.
True. This had been on the radar for Security
3.0, see
https://projects.eclipse.org/projects/ee4j.es/releases/3.0
Unfortuantely it just didn't happen, but it's
there. The bar for just emulating how EJB does
it is fairly low, but we'd likely want to give
it a little more of a kick in a CDI version. For
instance, especially for Jakarta REST / JAX-RS
and potentially Servlet we probably want an
option to have an authentication mechanism
invoked when the caller appears to be not
authenticated. We might use our experience with
the @RolesAllowed interpretation in MP/JWT
there.
Ultimately it may be
possible to replace @Stateless with a
stereotype that includes a bunch of other
relevant interceptor annotations to get
the same behaviour as a Stateless EJB on a
CDI bean.
Kind regards,
Arjan Tijms