users@javaee-spec.java.net

[javaee-spec users] Re: [jsr366-experts] Java EE Security API

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Tue, 11 Apr 2017 00:52:58 +0200

Could be a good idea indeed.

I'm of course strongly, strongly biased, but I know from application
development and working with a lot of different devs in application
development, that something like a basic security for JAX-RS endpoints in a
fully portable and app controlled way is something that comes up each and
every time.

Basically just something like defining this: (pre JSR 375 syntax)

http://arjan-tijms.omnifaces.org/2014/11/header-based-stateless-token.html



On Tue, Apr 11, 2017 at 12:47 AM, reza_rahman <reza_rahman_at_lycos.com> wrote:

> If needed, I suggest doing a simple community poll (e.g. via Twitter) to
> help determine this. As I said, I suspect there is very strong desire for
> this functionality in all profiles.
>
> What do other people in this EG think? I know activity has been sparse for
> quite a few months, but surely we all have some opinions on this?
>
> -------- Original message --------
> From: reza_rahman <reza_rahman_at_lycos.com>
> Date: 4/10/17 4:38 PM (GMT-05:00)
> To: users_at_javaee-spec.java.net
> Subject: Re: [javaee-spec users] Re: [jsr366-experts] Java EE Security API
>
> I actually think what we have now is pretty useful. Given the strong
> support for security in all the Java EE surveys, I think it sends the wrong
> message not to include it in the Web Profile. I don't see that there is any
> future where the security API does not wind up in pretty much all
> significant Java EE profiles.
>