javaee-security-spec@javaee.groups.io

Seeding EE4J project for Security

I would like to join. Sent via the Samsung Galaxy S7, an AT&T 4G LTE smartphone

By ... · #715 ·

Java EE Security.Next

Obviously an MR is the best route if Oracle has the appetite. If not I suggest an RI specific extension. The last resort could be a fork. Sent from my iPhone

By ... · #687 ·

Improving the JSR 375 website

That website is community-contributed. If needed, I can get in touch with the original author. Sent via the Samsung Galaxy S7, an AT&T 4G LTE smartphone

By ... · #612 ·

What's our Acronym?

Sounds good to me.

By ... · #576 ·

Java EE Security.next and JWT (JSON Web Tokens)

Certainly worth exploring if doing anything is possible. It does come up often enough these days at clients along with OAuth/OpenID Connect.

By ... · #361 ·

Default group to role mapping

I agree with Arjan. In a vast majority of cases, default mapping is just fine. Indeed I have not seen it the other way around in a very long time.

By ... · #228 ·

Solution for hardcoded values in IdentityStore properties within Soteria

This problem was supposed to be solved through the configuration JSR.

By ... · #216 ·

Restore write access for all EG members?

I agree ultimately you should do what you are truly comfortable with as specification lead (within reason of course). If you had any general questions, Bill and Linda could provide guidance.

By ... · #142 ·

Discussion: SecurityContext

It is indeed a shame we didn't do more to step away from EJB in Java EE 7 and Java EE 8. One thing I was hoping would come out of this JSR is interceptor versions of @RolesAllowed, etc.

By ... · #139 ·