Hi,
On Fri, Mar 31, 2017 at 10:49 PM, Will Hopkins <will.hopkins_at_oracle.com>
wrote:
> I think we have a similar issue w.r.t. Soteria -- the web container needs
> to configure a JASPIC AuthConfigProvider when it sees AUTHMECH in
> <login-config>.
>
Sorry, could you elaborate on that?
A (bridge) SAM is installed by the CDI extension when an
HttpAuthenticationMechanism is discovered on the class path. I'm not really
sure what you mean with AUTHMECH in <login-config>.
Kind regards,
Arjan Tijms
>
>
> On 03/31/2017 03:24 PM, arjan tijms wrote:
>
> Hi,
>
> The JACC and JASPIC repos are basically GlassFish, right? Especially
> JASPIC is a little hard to implement as a RI, since it more or less tells a
> Servlet container or EJB container (for SOAP) what to do.
>
> But GlassFish still isn't officially on GitHub, is it?
>
> Kind regards,
> Arjan Tijms
>
>
> On Fri, Mar 31, 2017 at 9:01 PM, Will Hopkins <will.hopkins_at_oracle.com>
> wrote:
>
>> My understanding is the jacc and jaspic repos are currently on github and
>> will be kept (or in the case of the framemaker spec source, kept in an
>> internal repository).
>>
>>
>> On 03/31/2017 12:19 PM, arjan tijms wrote:
>>
>> Hope so :O
>>
>> On Fri, Mar 31, 2017 at 3:56 PM, Werner Keil <werner.keil_at_gmail.com>
>> wrote:
>>
>>> Created 30/Apr/13, that was 4 years before the day, java.net hosting
>>> will go down for many projects.
>>>
>>> Hoping, the JASPIC SPEC also being Sun/Oracle led will remain after
>>> April 30?;-)
>>>
>>> Kind Regards,
>>> Werner
>>>
>>>
>>>
>>>
>>> On Fri, Mar 31, 2017 at 2:35 PM, arjan tijms <arjan.tijms_at_gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> One of the things that were discussed early on, but till so far hasn't
>>>> seen much followup is throwing (CDI) events when the caller is
>>>> authenticated (logs in) and logs out.
>>>>
>>>> See this issue: https://java.net/jira/browse/JASPIC_SPEC-21
>>>>
>>>> I also wrote an article about this a couple of years ago:
>>>>
>>>> http://arjan-tijms.omnifaces.org/2012/12/bridging-undertows-
>>>> authentication.html
>>>>
>>>> An example of how these events can be used in practice is shown here:
>>>>
>>>> https://github.com/javaeekickoff/java-ee-kickoff-app/blob/ma
>>>> ster/src/main/java/org/example/kickoff/model/producer/Active
>>>> UserProducer.java
>>>>
>>>> The simple post authenticate events (being informational only) are
>>>> relatively well understood and something like this is quite often asked for
>>>> and/or needed by users.
>>>>
>>>> I think it would be good to include this in JSR 375.
>>>>
>>>> Thoughts?
>>>>
>>>> Kind regards,
>>>> Arjan Tijms
>>>>
>>>>
>>>>
>>>>
>>>
>>
>> --
>> Will Hopkins | WebLogic Security Architect | +1.781.442.0310 <%28781%29%20442-0310>
>> Oracle Application Development
>> 35 Network Drive, Burlington, MA 01803
>>
>>
>
> --
> Will Hopkins | WebLogic Security Architect | +1.781.442.0310 <(781)%20442-0310>
> Oracle Application Development
> 35 Network Drive, Burlington, MA 01803
>
>