Half of year was passed after JEE 8 has been released with web security 
enhancements, but where is only one implementation of it - Soteria, with is 
only works under JEE containers with CDI, JASPIC, JACC support enabled.
Security API is heavily use CDI, and according to specification must use 
JASPIC for authentication. 
But in OSGI environment we have services.
Security api related services like HttpAuthenticationMechanism, 
IdentityStore and SecurityContext could be easy published as an osgi 
services, and some extender could provide security handlers for it (like 
Jetty Handlers), and any consumers can consume SecurityContext (as well as 
HttpService) for authorization puproses.
So I thick its a good idea to implement security api in pax web :)

OPS4J - http://www.ops4j.org - ops4j@googlegroups.com

You received this message because you are subscribed to the Google Groups 
"OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ops4j+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to