javaee-security-spec@javaee.groups.io | Dependency Bug in Soteria 1.0

Home Messages Hashtags

Topics

Date Date 1 - 9 of 9

Dependency Bug in Soteria 1.0

Werner Keil #725 That is good to know, thanks. Will try it probably on Monday when I get to that demo for security I have to do. Werner
More All Messages By This Member
Rudy De Busscher #724 Werner, Workaround from Arjan works, I have used it already some months ago for a demo. Works for any Java EE 7 server which doesn't contain Soteria already. Rudy toggle quoted messageShow quoted text On 14 February 2018 at 21:06, Werner Keil <werner.keil@...> wrote: If the hints for build-time by Arjan work (deployment in Payara 4 build 174 or above should be fine) I guess that'll do for the client I'm helping with security and identity management right now. For many others that also cannot use a snapshot repo a patch within a few weeks would be good.
More All Messages By This Member
Werner Keil #723 If the hints for build-time by Arjan work (deployment in Payara 4 build 174 or above should be fine) I guess that'll do for the client I'm helping with security and identity management right now. For many others that also cannot use a snapshot repo a patch within a few weeks would be good.
More All Messages By This Member
Werner Keil #722 Will try those in the POM of the dev environment tomorrow. Would be great if it works to show them Soteria in the security PoC, but nevertheless it would be as great if Oracle or someone else could release a patch. Like it was done for the JSON-P RI at least once before that moved to EE4J.
More All Messages By This Member
Bill Shannon #721 The project proposal for Soteria should be submitted to the Eclipse Foundation this week. Then it takes a few weeks for Eclipse to vote on and approve the proposal. Then the repository and issues need to be migrated. Then the build infrastructure needs to be set up. My guess is that it will probably be 4 - 6 weeks before a bug fix can be published from the Eclipse project. No changes are being made to the existing Java EE Soteria project while this work is in progress. Werner Keil wrote on 02/14/18 10:23 AM: toggle quoted messageShow quoted text All, I just found a very bad bug in Soteria 1.0 as it's out there in MavenCentral since August 2017 ;-/ I can't even set labels like "bug" but it is clearly a major bug and showstopper from using Soteria unless you run Maven/Gradle etc. in a public web or cloud where Snapshot repositories are available: https://github.com/javaee/security-soteria/issues/206 When I switch the Java EE dependency to Java EE 8, it seems to work, but the container I'm supposed to use is not Java EE 8 compatible yet nor do any productive Java EE containers out there support EE 8. At most you get betas like Payara 5. Without such fix I may be able to abandon Soteria in the actual PoC for now and stick to APIs in JAX-RS with similar functionality (like SecurityContext) Hope this can be fixed in the org.glassfish.soteria groupId rather than having to wait for the new EE4J project to release something eventually? Regards, Werner
More All Messages By This Member
Arjan Tijms #720 Payara 174 has Soteria as well. The war only has to depend on the API, not on Soteria itself. The 1.0 API is available from Maven central: <dependency> <groupId>javax.security.enterprise</groupId> <artifactId>javax.security.enterprise-api</artifactId> <version>1.0</version> <scope>provided</scope> </dependency> Alternatively, I think it should work with any other server if you depend on Soteria indeed, but exclude the API from it. See: https://maven.apache.org/guides/introduction/introduction-to-optional-and-excludes-dependencies.html Then include the 1.0 API dependency. Something like: <!-- API --> <dependency> <groupId>javax.security.enterprise</groupId> <artifactId>javax.security.enterprise-api</artifactId> <version>1.0</version> </dependency> <!-- Impl, without Api --> <dependency> <groupId>org.glassfish.soteria</groupId> <artifactId>javax.security.enterprise</artifactId> <version>1.0</version> <exclusions> <exclusion> <groupId>javax.security.enterprise</groupId> <artifactId>javax.security.enterprise-api</artifactId> </exclusion> </exclusions> </dependency>
More All Messages By This Member
Werner Keil #719 I know but the client currently only uses Payara 174 at most, and the WAR still must be built against a valid Maven repo, no snapshots allowed there. If Payara has public (Final) Maven JARs I could use here instead, that might work.
More All Messages By This Member
Arjan Tijms #718 On Wed, Feb 14, 2018 at 10:23 am, Werner Keil wrote: When I switch the Java EE dependency to Java EE 8, it seems to work, but the container I'm supposed to use is not Java EE 8 compatible yet nor do any productive Java EE containers out there support EE 8. At most you get betas like Payara 5. One other option is Payara 4.181, which includes Soteria and is fully supported, as well as publicly available.
More All Messages By This Member
Werner Keil #717 All, I just found a very bad bug in Soteria 1.0 as it's out there in MavenCentral since August 2017 ;-/ I can't even set labels like "bug" but it is clearly a major bug and showstopper from using Soteria unless you run Maven/Gradle etc. in a public web or cloud where Snapshot repositories are available: https://github.com/javaee/security-soteria/issues/206 When I switch the Java EE dependency to Java EE 8, it seems to work, but the container I'm supposed to use is not Java EE 8 compatible yet nor do any productive Java EE containers out there support EE 8. At most you get betas like Payara 5. Without such fix I may be able to abandon Soteria in the actual PoC for now and stick to APIs in JAX-RS with similar functionality (like SecurityContext) Hope this can be fixed in the org.glassfish.soteria groupId rather than having to wait for the new EE4J project to release something eventually? Regards, Werner
More All Messages By This Member

1 - 9 of 9

1

Previous Topic Next Topic

Home Messages Hashtags About Features Pricing Updates Terms Help Twitter