users@javaee-security-spec.java.net

[javaee-security-spec users] Re: [jsr375-experts] Re: Events for login/logout

From: Bill Shannon <bill.shannon_at_oracle.com>
Date: Fri, 31 Mar 2017 13:23:03 -0700

We're actively working on the plan to move all our active java.net projects to a
new home. Details to come once all Oracle approvals are in place. Yes, we know
this is late...

arjan tijms wrote on 03/31/17 12:24 PM:
> Hi,
>
> The JACC and JASPIC repos are basically GlassFish, right? Especially JASPIC is
> a little hard to implement as a RI, since it more or less tells a Servlet
> container or EJB container (for SOAP) what to do.
>
> But GlassFish still isn't officially on GitHub, is it?
>
> Kind regards,
> Arjan Tijms
>
>
> On Fri, Mar 31, 2017 at 9:01 PM, Will Hopkins <will.hopkins_at_oracle.com
> <mailto:will.hopkins_at_oracle.com>> wrote:
>
> My understanding is the jacc and jaspic repos are currently on github and
> will be kept (or in the case of the framemaker spec source, kept in an
> internal repository).
>
>
> On 03/31/2017 12:19 PM, arjan tijms wrote:
>> Hope so :O
>>
>> On Fri, Mar 31, 2017 at 3:56 PM, Werner Keil <werner.keil_at_gmail.com
>> <mailto:werner.keil_at_gmail.com>> wrote:
>>
>> Created 30/Apr/13, that was 4 years before the day, java.net
>> <http://java.net> hosting will go down for many projects.
>>
>> Hoping, the JASPIC SPEC also being Sun/Oracle led will remain after
>> April 30?;-)
>>
>> Kind Regards,
>> Werner
>>
>>
>>
>>
>> On Fri, Mar 31, 2017 at 2:35 PM, arjan tijms <arjan.tijms_at_gmail.com
>> <mailto:arjan.tijms_at_gmail.com>> wrote:
>>
>> Hi,
>>
>> One of the things that were discussed early on, but till so far
>> hasn't seen much followup is throwing (CDI) events when the
>> caller is authenticated (logs in) and logs out.
>>
>> See this issue: https://java.net/jira/browse/JASPIC_SPEC-21
>> <https://java.net/jira/browse/JASPIC_SPEC-21>
>>
>> I also wrote an article about this a couple of years ago:
>>
>> http://arjan-tijms.omnifaces.org/2012/12/bridging-undertows-authentication.html
>> <http://arjan-tijms.omnifaces.org/2012/12/bridging-undertows-authentication.html>
>>
>> An example of how these events can be used in practice is shown
>> here:
>>
>> https://github.com/javaeekickoff/java-ee-kickoff-app/blob/master/src/main/java/org/example/kickoff/model/producer/ActiveUserProducer.java
>> <https://github.com/javaeekickoff/java-ee-kickoff-app/blob/master/src/main/java/org/example/kickoff/model/producer/ActiveUserProducer.java>
>>
>> The simple post authenticate events (being informational only)
>> are relatively well understood and something like this is quite
>> often asked for and/or needed by users.
>>
>> I think it would be good to include this in JSR 375.
>>
>> Thoughts?
>>
>> Kind regards,
>> Arjan Tijms
>>
>>
>>
>>
>>
>
> --
> Will Hopkins | WebLogic Security Architect | +1.781.442.0310 <tel:%28781%29%20442-0310>
> Oracle Application Development
> 35 Network Drive, Burlington, MA 01803
>
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.