These are my notes, such as they are,
from the meeting we had a couple weeks ago.
Agenda/Notes from JSR-375 Expert Group Meeting 2017-07-06:
- Need to finalize PFD draft this week
- How do people feel about the PRD draft?
- Will send out list of proposed changes tonight or tomorrow,
and review draft Friday, quick review appreciated
- Close on open issues
- How to handle open JIRAs (at javaee) for things we won't
- Open JIRA issues:
- Hashing algorithms
- Indirection for annotation config values?
- Open issues from email:
- Refactor SecurityContext?
- Group -> Role mapping?
- Downcasting principals
- From my spec notes:
- avoid dependency on jaspic from AuthException used by
- checked exception for, e.g., network errors during
validate() or getCallerGroups()?
- qualifier and scope for HttpAuthenticationMechanism
- Can we really say it MUST be possible to provide a HAM
in an application archive? Isn't that up to CDI?
- need to use the bean manager that can see both
application and container classes.
- results undefined if more than one HAM supplied? or
deployment error? Does CDI say? -- cdi will complain if
there are two impls.
- LDAP annotation attributes -- may tweak these and send
proposal to list
- remember me -- secure by default, warning in logs if is not
- login to continue
Will: ejb get caller vs. servlet get
caller -- follows servlet way of doing things -- returns null
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Application Development
35 Network Drive, Burlington, MA 01803