Bill, So the category of "trivial" changes you describe corresponds to the description of errata in your JCP Processes writeup? That being the case, what JCP process applies to

And btw. there is at least one or the other Java EE 8 proposal to JVM-Con in late November, but nothing on JSR 375. I can't say how many slots the "Security" topic would get, but so far there's been

No worries. As it looks like one or the other session (like this one;-) does flock in being approved a little later, it could be one on JSON (JSON-P 1.1 and JSON-B 1.0 combined, like Dimitry and I did

Hi Werner, Yes, it's been approved. Thanks for the offer, but I'd actually like to keep this as a single-speaker talk -- it wasn't pitched as a panel or BOF, and I believe the

All, Thanks for letting us know. Has the session as such been approved? Like Ivar I do not necessarily need to have a talk, but since I gave several JSR-375 presentations at CodeMotion, Java2Days or

All: Unfortunately, I won't be able to attend JavaOne in October, so can't present the session that I'd planned. Fortunately, Ivar Grimstad will be attending, and has agreed to

Thanks, Guillermo. Comments inline. Agree, and although the spec isn't clear about the need for exceptions, it does state pretty clearly what NOT_VALIDATED is for, and the purpose

Hi, I prefer to throw exceptions at this moment so we can decide on a future version wether it's preferrable to create a VALIDATION_ERROR result, or if deployment validation is achievable and

Exactly. As you may know, Java EE contained two specs related to security: - JASPIC, for authentication - JACC, for authorization Aside of that, every spec contained its own security related features

Ah the proverbial light bulb has gone off in my head now. So the Security API essentially more or less is a layer on top of the disparate (?) existing security APIs in Java EE. More like

Hi, Unfortunately this version of the spec didn't managed to implement the authorization part and basically only deals with authentication. However the Servlet spec has since the beginning the

Hi, A specific set of JSF pages can be protected in web.xml using a security constraint. Kind regards, Arjan

Hi. I've been looking at the test examples and so far I'm able to follow them. However I'm at a loss about how to declare a specific set of say JSF pages as protected. In Shiro, I can declare in the

Great to hear that! The tests are indeed the best way to get started right now. We an to write some documentation but we're still busy finishing Soteria for its release in the next couple of

Thanks. Got it to work. Checking out the samples in the RI code repo. I think I'm getting the hang of this, coming from the Apache Shiro way of thinking. Once again thanks everyone for your

Hi Saaed, Thanks for your interest! As Will has already stated, latest promoted versions of GlassFish already integrate JSR 375, so you won't need Soteria dependency, just the API. The latest version

Thank you very much Will. I've no idea why the Soteria repo never came to mind. Thanks so much. Off to play with it.

Hi Saeed, The latest GF build should have Soteria in it already. We have not published a recent "release" version of Soteria, or the API, although there are "promoted" builds and

Hello everyone from Accra Ghana. I would like to test out Soteria with the just published Glassfish promoted build 18. However adding the following dependency to my pom.xml results in maven throwing

I've been looking at the pile of bugs currently filed against the default LdapIdentityStore in Soteria, and have noticed a couple broad themes. I'd appreciate some feedback on these ASAP, as we