EclipseCon - Eclipse Foundation
EclipseCon 2021: Sessions

Jakarta EE Security - Sailing Safe in Troubled Waters

Session details
Status: Backup
Speaker(s): Werner Keil (Self Employed), Ivar Grimstad (Eclipse Foundation)
Experience level: Beginner
Tags: JakartaEE, jakarta ee, security, Authentication, authorization
Session Track: Cloud Native Technologies
Session Type: Standard

Security in Jakarta EE has long been underused and underspecified. The existing set of specifications ranged from overly complex to non-existent. The result was that almost nobody used standards for security. Java EE 8 changed that with JSR 375, the Java EE Security API. Its evolution, Jakarta Security, facilitates portable application security that integrates with container security. It allows an application to provide authentication mechanisms like OAuth or OpenID Connect, and such a mechanism is treated just like built-in container mechanisms like FORM. Existing security mechanisms, like the container-based access to a URL defined by web.xml constraints, @RolesAllowed and HttpServletRequest.isUserInRole, automatically work as expected. Jakarta Security depends on CDI and the lower-level SPIs Jakarta Authentication and Jakarta Authorization.
Jakarta Authorization defines an SPI for authorization modules, which are permission repositories for subject-based security that check whether a subject has given permissions, and algorithms to transform security constraints for containers, including Jakarta Servlets or Enterprise Beans, into these permissions. Jakarta Authentication defines an SPI for authentication that interacts with a caller and a container's environment to obtain the caller's credentials, validate them and pass an authenticated identity (e.g. name, groups, ...) to the container.

This hands-on session is intended to get attendees up to speed with the current state of the Jakarta Security specs and to demonstrate Compatible Implementations like Eclipse Soteria, Eleos and Exousia, as well as others including GlassFish or Tomcat. We will ask the audience for their opinions and thoughts on what else they would like to see in the Jakarta EE Security specs with Jakarta EE 10 and beyond.

Objective of the presentation: This session is intended to get attendees up to speed with the current state of the Jakarta Security specs, demonstrate compatible implementations and ask the audience for their feedback on what else they would like to see in the Jakarta EE Security specs.
Attendee pre-requisites: N/A