jsr375-experts@javaee-security-spec.java.net

[jsr375-experts] Re: Identity store - handling a custom principal and interface only

From: Werner Keil <werner.keil_at_gmail.com>
Date: Sun, 3 Jan 2016 17:00:09 +0100

Not entirely sure if we should add classes directly into the already
crowded "javax.security" root package (see
https://docs.oracle.com/javase/8/docs/api/java/security/package-summary.html
for Java SE 8 which we'll build upon in EE 8) but the idea feels good.

Hope some of those proposals could be gathered in the "Security Proposals"
sandbox repo or better an EDR version of the actual API;-)

Cheers,
Werner

On Sat, Jan 2, 2016 at 11:25 PM, arjan tijms <arjan.tijms_at_gmail.com> wrote:

> Hi,
>
> On Wed, Dec 30, 2015 at 12:08 PM, Rudy De Busscher <rdebusscher_at_gmail.com>
> wrote:
>
>> I would use a Principal instead of the "String getCallerName()". It also
>> has the getName() method and has the benefit that an implementation can
>> return a subtype of java.security.Principal. (as you mention)
>>
>
> I did a quick implementation of this here:
> https://github.com/arjantijms/mechanism-to-store-x/commit/b8522ee7c60de2ad2b11e00dddcd8e1a45b3e4d0
>
> For this I introduced a new type, javax.security.CallerPrincipal. It's a
> class for now, but maybe this one can better be an interface (not sure
> yet). Another thing I was contemplating is adding a wrapper type,
> e.g. javax.security.CallerPrincipalWrapper, for when an existing Principal
> needs to be used that cannot be made to extend or
> implement javax.security.CallerPrincipal.
>
> I'm not 100% sure if we can add types to javax.security directly, but
> since the JSR proposed "javax.security" I guess we can.
>
> The nice thing of consistently using CallerPrincipal is also that it sort
> of standardises the Principal type used for the caller principal (something
> Java EE failed to do before). Of course to really standardise it some more
> work is needed (alignment with JASPIC, JACC, Servlet, etc).
>
> Kind regards,
> Arjan Tijms