users@javaee-security-spec.java.net

[javaee-security-spec users] Re: [jsr375-experts] Quick question on IdentityStore annotations

From: reza_rahman <reza_rahman_at_lycos.com>
Date: Mon, 20 Mar 2017 16:29:57 -0400

The others should chime in, but I don't think there is actually a need to limit to just HTTP.
That said, the vast majority use case today is clearly HTTP.
-------- Original message --------From: Will Hopkins <will.hopkins_at_oracle.com> Date: 3/20/17 2:53 PM (GMT-05:00) To: users_at_javaee-security-spec.java.net Subject: [javaee-security-spec users] Re: [jsr375-experts] Quick question on IdentityStore annotations

    Thanks, Reza; with that and a little Googling it makes more sense
    now.

    

    Given the lack of a field to indicate the IdentityStore class name,
    I'm assuming at this point that the annotations are only useful for
    causing the built-in implementations to be instantiated (i.e., not
    an application-supplied IdentityStore)?

    

    Further, it seems like we'd be relying on CDI, not JNDI, to make the
    bean IdentityStore available.

    

    Do we want to constrain this annotation to a specific set of classes
    -- perhaps to HttpAuthenticationMechanism -- or do we expect it can
    be used anywhere?

    

    On 03/20/2017 01:50 PM, reza_rahman
      wrote:

    
    
      
      I think the model is intended to be exactly the same as
      @DatasourceDefinition, etc the way it is implemented in GlassFish
      and WildFly today. The Java EE platform specification leads Bill
      and Linda should be able to explain the model to you in detail,
      amongst others in Oracle.
      

      
      
        -------- Original message --------
        From: Will Hopkins <will.hopkins_at_oracle.com>
        Date: 3/20/17 12:36 PM (GMT-05:00)
        To: arjan tijms <arjan.tijms_at_gmail.com>,
          jsr375-experts_at_javaee-security-spec.java.net
        Subject: [javaee-security-spec users] [jsr375-experts]
          Quick question on IdentityStore annotations
        

        
      
      Arjan, et al.:

      

      How are those meant to be used? What class would be annotated
      with, e.g., LdapIdentityStoreDefinition, and what is the intended
      effect? Are they used only to configured the container-provided
      default impls? Only application-supplied impls? If the latter,
      does that mean that the container-supplied impls are always
      configured by the container (and not configurable by users)?

      

      Sorry if I'm being dense here, but don't understand the model.

      

      Thanks,

      

      Will

      --
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Application Development
35 Network Drive, Burlington, MA 01803

    
    

    --
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Application Development
35 Network Drive, Burlington, MA 01803

  
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.