Re: Dependency Bug in Soteria 1.0


Bill Shannon
 

The project proposal for Soteria should be submitted to the Eclipse Foundation this week.  Then it takes a few weeks for Eclipse to vote on and approve the proposal.  Then the repository and issues need to be migrated.  Then the build infrastructure needs to be set up.  My guess is that it will probably be 4 - 6 weeks before a bug fix can be published from the Eclipse project.  No changes are being made to the existing Java EE Soteria project while this work is in progress.

Werner Keil wrote on 02/14/18 10:23 AM:

All,

I just found a very bad bug in Soteria 1.0 as it's out there in MavenCentral since August 2017 ;-/
I can't even set labels like "bug" but it is clearly a major bug and showstopper from using Soteria unless you run Maven/Gradle etc. in a public web or cloud where Snapshot repositories are available:
https://github.com/javaee/security-soteria/issues/206

When I switch the Java EE dependency to Java EE 8, it seems to work, but the container I'm supposed to use is not Java EE 8 compatible yet nor do any productive Java EE containers out there support EE 8. At most you get betas like Payara 5. 

Without such fix I may be able to abandon Soteria in the actual PoC for now and stick to APIs in JAX-RS with similar functionality (like SecurityContext) 
Hope this can be fixed in the org.glassfish.soteria groupId rather than having to wait for the new EE4J project to release something eventually?

Regards,
Werner

Join javaee-security-spec@javaee.groups.io to automatically receive all group messages.