Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?

That still leaves JSON and CDI, not to mention the upcoming CDI Lite, which MicroProfile should use in the future.

 

From: Scott Stark
Sent: Friday, 11 November 2022 16:58
To: jakartaee-platform developer discussions
Subject: Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?

 

This just is not correct. The versions you are mentioning are due to the TCKs including dependencies on Jakarta containers. This is just another instance of the lack of an easily composable TCK infrastructure in EE and a repo where EJB tests can be added that results in TCK dependency hell.

 

The MP JWT API artifact jars only depend on JSON and CDI.

 

On Nov 11, 2022 at 9:45:27 AM, Werner Keil <werner.keil@xxxxxxx> wrote:

Or Spring Security ;-)

 

Using MP JWT in an implementing project (or even Soteria) comes with the risk of version conflicts (aka "Dependency Hell") because currently it's based on

<version.jakarta.authorization-api>2.0.0</version.jakarta.authorization-api>

<version.jakarta.ejb.api>4.0.0</version.jakarta.ejb.api>

And an equally old Jakarta JSON dependency.

 

If MP JWT even managed to upgrade Jakarta Authorization to 2.1, a Jakarta Security or Soteria version is likely to be ahead again, posing the risk of clashes or having to play with excludes in Maven or Gradle or another dependency management system to get rid of the unwanted dependencies.

 

Kind Regards,

Werner

 

From: arjan tijms
Sent: Friday, 11 November 2022 15:56
To: jakartaee-platform developer discussions
Subject: Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?

 

Hi,

 

On Fri, Nov 11, 2022 at 6:18 AM Scott Stark <starksm64@xxxxxxxxx> wrote:

It is an externally developed specification that describes a simple API for JWTs and integrations with CDI, not an implementation project. 

 

List your reasons why it cannot be consumed as such and extended in Java Security.

 

I'm not sure I follow. It's either in the Jakarta Security (not Java Security) spec or it's not. If it's not, users would have to add some implementation of MP JWT to their .war files. At that point it's not much different from adding say DeltaSpike, PrimeFaces, etc to a .war.

 

But maybe you meant something else there?

 

Kind regards,

Arjan Tijms

 

 
