Half of year was passed after JEE 8 has been released with web security enhancements, but where is only one implementation of it - Soteria, with is only works under JEE containers with CDI, JASPIC, JACC support enabled. Security API is heavily use CDI, and according to specification must use JASPIC for authentication. But in OSGI environment we have services. Security api related services like HttpAuthenticationMechanism, IdentityStore and SecurityContext could be easy published as an osgi services, and some extender could provide security handlers for it (like Jetty Handlers), and any consumers can consume SecurityContext (as well as HttpService) for authorization puproses. So I thick its a good idea to implement security api in pax web :)
-- -- ------------------ OPS4J - http://www.ops4j.org - ops4j@googlegroups.com --- You received this message because you are subscribed to the Google Groups "OPS4J" group. To unsubscribe from this group and stop receiving emails from it, send an email to ops4j+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
