I personally think bringing JASPIC to the Web Profile is not a big deal
since, as have been said, all mayor plain Servlet Containers already do
that, and even the Servlet spec has been talking about explicitly requiring
it.
JACC is another story, but then, JSR 375 can work without it so that's not
a problem at all.
So big +1 from me on adding JSR 375 to the web profile, even if that needs
to also pull JASPIC.
El mar., 11 de abril de 2017 0:53, arjan tijms <arjan.tijms_at_gmail.com>
escribió:
> Could be a good idea indeed.
>
> I'm of course strongly, strongly biased, but I know from application
> development and working with a lot of different devs in application
> development, that something like a basic security for JAX-RS endpoints in a
> fully portable and app controlled way is something that comes up each and
> every time.
>
Interestingly, JAX-RS is not part of the Web Profile.
>
> Basically just something like defining this: (pre JSR 375 syntax)
>
> http://arjan-tijms.omnifaces.org/2014/11/header-based-stateless-token.html
>
>
>
> On Tue, Apr 11, 2017 at 12:47 AM, reza_rahman <reza_rahman_at_lycos.com>
> wrote:
>
> If needed, I suggest doing a simple community poll (e.g. via Twitter) to
> help determine this. As I said, I suspect there is very strong desire for
> this functionality in all profiles.
>
> What do other people in this EG think? I know activity has been sparse for
> quite a few months, but surely we all have some opinions on this?
>
> -------- Original message --------
> From: reza_rahman <reza_rahman_at_lycos.com>
> Date: 4/10/17 4:38 PM (GMT-05:00)
> To: users_at_javaee-spec.java.net
> Subject: Re: [javaee-spec users] Re: [jsr366-experts] Java EE Security API
>
> I actually think what we have now is pretty useful. Given the strong
> support for security in all the Java EE surveys, I think it sends the wrong
> message not to include it in the Web Profile. I don't see that there is any
> future where the security API does not wind up in pretty much all
> significant Java EE profiles.
>
>
>