Hi David,
David Blevins-2 wrote > You mention Facebook Connect, which is interesting. Is there a Facebook > Connect JASPIC Provider? If so, where is the code for that? If you have > links on where to get other providers, that helps too. We have created a Facebook Connect JASPIC auth module (typically called SAM) for the OmniSecurity project (a spinoff of OmniFaces), at https://code.google.com/p/omnisecurity It's actually a generic OAuth SAM that also supports Twitter, Google+, LinkedIn, etc. See the source at: https://code.google.com/p/omnisecurity/source/browse/src/org/omnifaces/security/jaspic/SocialServerAuthModule.java One thing to note is that we wanted to use CDI so the application can provide a bean that's given the opportunity to create a local user whenever someone authenticates with e.g. Facebook. This is something JASPIC does not (yet) support so we had to work around that a little. David Blevins-2 wrote > My hesitation for immediately and blindly saying "yes" to its inclusion in > the Web Profile is simply because Java EE is full of incomplete security > APIs few people use and for which there are even fewer to no providers. I > don't know if this describes JASPIC, but it has been out there for a major > spec revision and it's not immediately clear if it has that "can't live > without" quality I expect in a Web Profile spec. I totally agree with you about the incomplete security APIs. By far the number one complaint I hear about Java EE is its security system and how it all comes together. Obviously people are not happy with it. Improvement has to happen somewhere and after working with JASPIC for over a year now I'm convinced it's a very important stepping stone to a much better and better integrated security system in Java EE. What's IMHO really holding JASPIC back at the moment is that only full Java EE implementations support it, which means you just can't really speak of truly portable auth modules. I think TomEE is one of the most important servers at the moment, so it not supporting JASPIC leaves a big gap. It really would be awesome if TomEE could support it. If you need any help with the implementation I'm more than happy to volunteer. -- View this message in context: http://openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4664628.html Sent from the OpenEJB Dev mailing list archive at Nabble.com.
