Looking forward to this discussion. The area that worries me the most is planning and resourcing for Java EE Security after Java EE 8. The expert group has done an admirable job so far, but clearly there will be a lot of obvious work still to do after Java EE 8. Could this specification move forward on it's own as the rest of the Java EE 9 equation is sorted out?
-------- Original message --------From: Werner Keil <werner.keil_at_gmail.com> Date: 3/24/17 5:04 PM (GMT-05:00) To: users_at_javaee-spec.java.net Subject: [javaee-spec users] Re: [jsr366-experts] Java EE Security 1.0 (JSR 375)
Linda/all,
Thanks a lot for mentioning JSR 375.
One thing I'm curious from an Umbrella Java EE and Spec Lead point, is how we should best handle annotations?
https://jcp.org/en/jsr/detail?id=375 mentions both
javax.security
javax.annotation.security
There was no single annotation under javax.security as of Java EE 7.There could be other areas to add annotations later, but so far the Security API already contains 2 new annotation packages
https://github.com/javaee-security-spec/security-api/tree/master/src/main/java/javax/security/authentication/mechanism/http/annotation
and
https://github.com/javaee-security-spec/security-api/tree/master/src/main/java/javax/security/identitystore/annotation
Is it OK to define several new "annotation" packages likejavax.security.authentication.mechanism.annotation
javax.security.identitystore.annotation
...or should they rather be under javax.annotation.security?
Kind Regards,
Werner Keil