Skip to main content
  • Log in
  • Manage Cookies
EclipseCon - Eclipse Foundation
  • Conference
    • Program Schedule
    • Program List
    • Registration
  • Features
    • Community Day
    • Hacker Day
    • Dinner Meetups
    • OSGi Summit
    • Keynotes
  • Community
    • Code of Conduct
    • Health & Safety at EclipseCon
    • Community Resources
    • 2022 Speakers
    • Information for Speakers
  • Sponsors
    • Be a Sponsor
    • Information for Exhibitors
    • Our Sponsors
    • Sponsor Testimonials
  • Venue
    • Conference Venue
    • Hotels
    • Ludwigsburg
  • About Us
    • EclipseCon 2022
    • Program Committee
    • The Eclipse Foundation
    • Past Conferences
    • Other Events
  1. Home
  2. EclipseCon
  3. EclipseCon 2022
  4. Sessions
  5. Jakarta EE Security - Sailing Safe in Troubled Waters

Jakarta EE Security - Sailing Safe in Troubled Waters

Session details
Status: 
Accepted
Speaker(s): 
Werner Keil (Self Employed)
Ivar Grimstad (Eclipse Foundation)
Experience level: 
Beginner
Tags: 
jakarta ee
JakartaEE
security
Authentication
authorization
Session Type: 
Standard

Security in Jakarta EE has long been under-used and under-specified. Existing specifications ranged from overly complex to non-existent. The result: few people used security standards. Java EE 8 changed that with JSR 375. Its evolution Jakarta Security facilitates portable application security integrated with container security. Allowing applications to treat authentication mechanisms like OAuth or OpenID Connect same as built-in container mechanisms like FORM or container-based access to a URL and features like @RolesAllowed and isUserInRole automatically work as expected. It depends on CDI, and lower level SPIs Jakarta Authentication and Jakarta Authorization.

Jakarta Authorization defines an SPI for authorization based security checking if a subject has given permissions and algorithms to transform security constraints for containers including Servlets or Enterprise Beans into them. Jakarta Authentication defines an SPI for authentication that interacts with a container’s environment to obtain the caller’s credentials, validate them and pass an authenticated identity (e.g. name, groups,...) to the container.

This hands-on session is intended to get attendees up to speed with the state of Jakarta Security specs, demonstrate compatible implementations like Soteria, Exousia and others including Eclipse Glassfish or Tomcat. During Q&A we will ask the audience for their opinion and thoughts what else they would like to see in the Security specs with Jakarta EE 11 and beyond.

Slides: 
PDF icon JavaLand2022-JakartaEESecurity.pdf
Slides (External URL): 
https://speakerdeck.com/keilw/jakarta-ee-security-sailing-safe-in-troubled-water…
https://speakerdeck.com/keilw/online-summit-for-java-devs-22-jakarta-ee-security…
Objective of the presentation: 
This session is intended to get attendees up to speed with the current state of the Jakarta Security specs, demonstrate compatible implementations and ask the audience for their feedback what else they would like to see in future versions of the Jakarta EE Security specs.
Attendee pre-requisites - If none, enter "N/A": 
Knowing a bit about application security might help but not essential
Schedule info
Time: 
25 Oct 2022 - 15:15 to 25 Oct 2022 - 15:50
Room: 
Theater Stage
  • Sign in to post comments.

Elite

  • Huawei
  • IBM

Premium

  • Red Hat
  • Yatta Solutions GmbH
  • Eurotech

Basic

  • EclipseSource
  • Mercedes-Benz Tech Innovation
  • SSI Schaefer IT Solutions GmbH
  • Bosch IO GmbH
  • ARCAD Software
  • SCANOSS
  • Obeo
  • TypeFox GmbH

Media

  • GermanTechJobs

Become a Sponsor

Eclipse Foundation

  • About Us
  • Contact Us
  • Sponsor
  • Members
  • Governance
  • Code of Conduct
  • Logo and Artwork
  • Board of Directors
  • Careers

Legal

  • Privacy Policy
  • Terms of Use
  • Copyright Agent
  • Eclipse Public License
  • Legal Resources

Useful Links

  • Report a Bug
  • Documentation
  • How to Contribute
  • Mailing Lists
  • Forums
  • Marketplace
EclipseCon is brought to you by The Eclipse Foundation with the support of our sponsors.
Powered by Drupal and built on COD.

Copyright © Eclipse Foundation. All Rights Reserved.

Back to the top