[javaee-spec users] Authentication events in Java EE

From: arjan tijms <>
Date: Fri, 7 Nov 2014 14:54:17 +0100


A while ago I created
(Support for events). The idea there is that the authentication system
throws several events at various stages of the authentication process.

Via this basic and general mechanism a lot of higher level features
could be realized by applications, such as keeping track of logged-in
users, protecting against brute force attacks, increasing the session
time-out after a user logs in and more.

Now there are quite a number of areas of the Java EE security system
that could use attention and some of that has been discussed before,
but I don't think this relatively simple but powerful mechanism has
seen much discussion yet.

Therefore I was wondering what people think about this.

Kind regards,
Arjan Tijms


Since there's no Security JSR yet (and thus no associated mailing
list) I posted this to the Java EE user's list, which I hope is the
next best place to discuss this.