[ 
https://issues.apache.org/jira/browse/TOMEE-4351?focusedWorklogId=923118&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-923118
 ]

ASF GitHub Bot logged work on TOMEE-4351:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 12/Jun/24 10:56
            Start Date: 12/Jun/24 10:56
    Worklog Time Spent: 10m 
      Work Description: jungm commented on PR #1178:
URL: https://github.com/apache/tomee/pull/1178#issuecomment-2162710500

   what really needs a closer look and maybe needs to be discussed:
   
   - JWT Validation is using jose4j, this introduces a new dependency in all 
TomEE flavours (wasn't in webprofile before). Maybe it needs to be added in 
some notice file?
   - Spec mentions a special variable that can be used in the annotation: 
${baseURL}, I implemented this by producing an @Named String
   - I built a basic delegate in 
OpenIdAuthenticationMechanismDefinitionDelegate that automatically resolves the 
configuration from the OpenID provider
   - SavedRequest (originally from @LoginToContinue) has been rewritten so I 
can serialize it for use in cookies
   - Spec is ambiguous on how to handle subjectTypeSupported, 
idTokenSigningAlgorithmsSupported and responseTypeSupported (See 
CompositeOpenIdProviderMetadata). A user can override these, but it's not 
obvious if that has been done or not. I handled these the same way Soteria 
does, but it's probably worth a spec issue in the future?
   - Requests to the OpenID provider are done using JAX-RS Client, maybe we want to 
use something else in TomEE? Really the only reason I chose this was because 
it's convenient
   
   (See https://lists.apache.org/thread/sghf41f1z75gpnhpf236o1lrj1sl4vr8 for 
whole thread on mailing list)




Issue Time Tracking
-------------------

    Worklog Id:     (was: 923118)
    Time Spent: 1h 10m  (was: 1h)

> Jakarta Security 3.0
> --------------------
>
>                 Key: TOMEE-4351
>                 URL: https://issues.apache.org/jira/browse/TOMEE-4351
>             Project: TomEE
>          Issue Type: New Feature
>            Reporter: Richard Zowalla
>            Assignee: Markus Jung
>            Priority: Major
>             Fix For: 10.0.0-M2
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> as the title says. Mainly OIDC



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
