Hi folks, Work is progressing.
I’ve added a good chunk of the API (as needed) to allow me to proceed. I’ve tried to use the Jakarta Security API jar. Unfortunately, it is full of dependencies to the other Jakarta dependent projects, some not in central yet, so I couldn’t even build the project. At the moment, I’ve added the structure to register a JASPIC provider to serve as a bride to the Security implementation code. With a CDI extension, we can register the required AuthenticationMechanisms and then look them up to delegate the authentication code. I’ve also wrote a default IdentityStoreHandler to validate user credentials and retrieve user groups. This is just going through the container registered IdentityStores and using the spec rules to identify the credentials. Right now, I’m just calling this TomEE Security. If someone has a more fancy idea for a name, feel free to suggest it :) Cheers, Roberto > On 14 Dec 2018, at 23:44, Roberto Cortez <radcor...@yahoo.com.INVALID> wrote: > > Hi folks, > > I’ve now created a PR to push the work: > https://github.com/apache/tomee/pull/277 > <https://github.com/apache/tomee/pull/277> > > It is still in the early stages. I’ve just spent a good amount of time trying > to understand the spec. The ideia here is that with a ServerAuthModule we > could verify each of the spec authentication mechanisms that will be > implemented with a CDI Bean and use a CDI Extension to create the bean > depending on the annotation you use. > > Cheers, > Roberto > >> On 13 Dec 2018, at 16:06, Roberto Cortez <radcor...@yahoo.com.INVALID> wrote: >> >> Hi folks, >> >> I’ve created https://jira.apache.org/jira/browse/TOMEE-2365 >> <https://jira.apache.org/jira/browse/TOMEE-2365> to implement the Java EE >> Security API that came up in EE 8. We are missing this spec implementation, >> and until we have it we cannot even say we are EE 8 compatible. >> >> I plan to start working on this. If anyone wants to collaborate with me, let >> me know. >> >> Cheers, >> Roberto >
