Dependency Bug in Soteria 1.0


Werner Keil
 

All,

I just found a very bad bug in Soteria 1.0 as it's out there in MavenCentral since August 2017 ;-/
I can't even set labels like "bug" but it is clearly a major bug and showstopper from using Soteria unless you run Maven/Gradle etc. in a public web or cloud where Snapshot repositories are available:
https://github.com/javaee/security-soteria/issues/206

When I switch the Java EE dependency to Java EE 8, it seems to work, but the container I'm supposed to use is not Java EE 8 compatible yet nor do any productive Java EE containers out there support EE 8. At most you get betas like Payara 5. 

Without such fix I may be able to abandon Soteria in the actual PoC for now and stick to APIs in JAX-RS with similar functionality (like SecurityContext) 
Hope this can be fixed in the org.glassfish.soteria groupId rather than having to wait for the new EE4J project to release something eventually?

Regards,
Werner

Join javaee-security-spec@javaee.groups.io to automatically receive all group messages.