|
Solution for hardcoded values in IdentityStore properties within Soteria 28 messages
Hi All,
The issue is already mentioned a few times when I gave a talk and is also logged as an issue in our GitHub https://github.com/javaee-security-spec/soteria/issues/76.
I think we cannot specify
Hi All,
The issue is already mentioned a few times when I gave a talk and is also logged as an issue in our GitHub https://github.com/javaee-security-spec/soteria/issues/76.
I think we cannot specify
|
By Rudy De Busscher
·
|
|
JSR-375 Expert Group Meeting 6 messages
NotificationMeeting Invite
Will Hopkins has invited you to
JSR-375 Expert Group MeetingDate:Thu, Jul 06, 2017Time:3:00 PM - 5:00 PM EDTLocation:Zoom - details in descriptionOrganizer:Will HopkinsAtten
NotificationMeeting Invite
Will Hopkins has invited you to
JSR-375 Expert Group MeetingDate:Thu, Jul 06, 2017Time:3:00 PM - 5:00 PM EDTLocation:Zoom - details in descriptionOrganizer:Will HopkinsAtten
|
By Will Hopkins
·
|
|
JPQL support for database identity store? 6 messages
Hi,
Has the EG ever discussed JPA/JPQL support for the database identity store? JPA is already used in most applications, and the database JNDI already has to be set on persistence.xml (where there's
Hi,
Has the EG ever discussed JPA/JPQL support for the database identity store? JPA is already used in most applications, and the database JNDI already has to be set on persistence.xml (where there's
|
By Guillermo González de Agüero
·
|
|
Proposal for password hashing 5 messages
EG:
I like the idea of supporting EL expressions so that users can
specify their own password hashing algorithm, but I wonder if it
wouldn't be better, or at least simpler, to suppo
EG:
I like the idea of supporting EL expressions so that users can
specify their own password hashing algorithm, but I wonder if it
wouldn't be better, or at least simpler, to suppo
|
By Will Hopkins
·
|
|
Validation of identity store attributes
Hi,
I was wondering how the container should behave when invalid attributes are found on an identity store, e.g.: an invalid database JNDI lookup, malformed LDAP server url, etc.
That kind of invalid
Hi,
I was wondering how the container should behave when invalid attributes are found on an identity store, e.g.: an invalid database JNDI lookup, malformed LDAP server url, etc.
That kind of invalid
|
By Guillermo González de Agüero
·
|
|
AuthenticationException -- checked or unchecked? 2 messages
How should I code this?
--
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Application Development
35 Network Drive, Burlington, MA 01803
How should I code this?
--
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Application Development
35 Network Drive, Burlington, MA 01803
|
By Will Hopkins
·
|
|
Build In Identity Stores - Credential Validation 5 messages
The build in default beans should mean some consistent implementations across different containers.
On the two identity stores there doesn't seem to be any description as to how this validation will h
The build in default beans should mean some consistent implementations across different containers.
On the two identity stores there doesn't seem to be any description as to how this validation will h
|
By Darran Lofthouse
·
|
|
Built In HttpAuthenticationMechanismBeans - Client Cert 5 messages
Just a small one.
Is there a reason for omitting a bean for client cert authentication?
If a client's certificate is available the servlet container is required to make it available so we have access
Just a small one.
Is there a reason for omitting a bean for client cert authentication?
If a client's certificate is available the servlet container is required to make it available so we have access
|
By Darran Lofthouse
·
|
|
LDAP Identity Store - memberOf 3 messages
Looking at the annotation to define an LDAP - is it possible to configure this where the entry for the user contains an attribute memberOf referencing the group the user is a member of instead of the
Looking at the annotation to define an LDAP - is it possible to configure this where the entry for the user contains an attribute memberOf referencing the group the user is a member of instead of the
|
By Darran Lofthouse
·
|
|
Public Review Draft - Multiple Authentication Mechanisms 5 messages
One feature that I don't see coverage of that I see plenty of demand for from EE developers and users is how to allow multiple authentication mechanisms to work together.
A common scenario I see reque
One feature that I don't see coverage of that I see plenty of demand for from EE developers and users is how to allow multiple authentication mechanisms to work together.
A common scenario I see reque
|
By Darran Lofthouse
·
|
|
SecurityContext - downcasting getCallerPrincipal() 41 messages
Hi,
I noticed that in the spec text a few essentials were removed in the security context.
For instance the part here:
https://github.com/javaee-security-spec/security-spec/commit/db51cc841e5cb3d8fee
Hi,
I noticed that in the spec text a few essentials were removed in the security context.
For instance the part here:
https://github.com/javaee-security-spec/security-spec/commit/db51cc841e5cb3d8fee
|
By Arjan Tijms
·
|
|
Public Review Draft - IdentityStore validate 4 messages
On the validation provided by the IdentityStore I have a few concerns.
The first is I think it is stretching the definition to effectively encapsulate the whole response to a challenge as a credential
On the validation provided by the IdentityStore I have a few concerns.
The first is I think it is stretching the definition to effectively encapsulate the whole response to a challenge as a credential
|
By Darran Lofthouse
·
|
|
Public Review Draft - Wrapping Using a ServerAuthModule 2 messages
Whilst JASPIC may have been an inspiration for a number of aspects of the API, is it strictly necessary to state that the mechanism would be wrapped using a ServerAuthModule - shouldn't this be an imp
Whilst JASPIC may have been an inspiration for a number of aspects of the API, is it strictly necessary to state that the mechanism would be wrapped using a ServerAuthModule - shouldn't this be an imp
|
By Darran Lofthouse
·
|
|
Public Review Draft - Authentication Mechanism
I provided some feedback earlier this year but I suspect it may have been a long e-mail, I still have some comments on the latest specification.
At the moment an authentication mechanism is described
I provided some feedback earlier this year but I suspect it may have been a long e-mail, I still have some comments on the latest specification.
At the moment an authentication mechanism is described
|
By Darran Lofthouse
·
|
|
Moving to JavaEE Org: Are all EG/Contributors members of the JavaEE Org? 5 messages
Once we move, you will need to belong to the Java EE organization at
GitHub in order to make changes or (I believe) update issues.
Has everyone actively working on the project joined th
Once we move, you will need to belong to the Java EE organization at
GitHub in order to make changes or (I believe) update issues.
Has everyone actively working on the project joined th
|
By Will Hopkins
·
|
|
Asciidoctor PDF Output Questions
EG:
I've had reports that the PRD draft of the spec, while formatted
much better than the previous draft, is generated with A4 page size
and fonts that aren't found when printing fr
EG:
I've had reports that the PRD draft of the spec, while formatted
much better than the previous draft, is generated with A4 page size
and fonts that aren't found when printing fr
|
By Will Hopkins
·
|
|
Prepare for Proposed Final Draft 11 messages
EG:
The review period for the Public Review Draft has ended, and it's
time to start preparing the Proposed Final Draft.
To that end, we need to make final decisions on open i
EG:
The review period for the Public Review Draft has ended, and it's
time to start preparing the Proposed Final Draft.
To that end, we need to make final decisions on open i
|
By Will Hopkins
·
|
|
Discussion: SecurityContext 18 messages
I'd like to start a thread to discuss some issues related to
SecurityContext.
The first, and most important, in my view, is how it's structured. I
originally understood SecurityCont
I'd like to start a thread to discuss some issues related to
SecurityContext.
The first, and most important, in my view, is how it's structured. I
originally understood SecurityCont
|
By Will Hopkins
·
|
|
responseUnAuthorized: rename to responseUnauthorized 7 messages
See https://github.com/javaee-security-spec/soteria/issues/68
Trivial change, and a reasonable request. Are we all in favour to change this?
See https://github.com/javaee-security-spec/soteria/issues/68
Trivial change, and a reasonable request. Are we all in favour to change this?
|
By Arjan Tijms
·
|
|
Publishing snapshots? 8 messages
Hi,
I wonder if snapshots are already published again after every commit. Currently this doesn't happen anymore, so the CI tests unfortunately don't work anymore either.
Kind regards,
Arjan Tijms
Hi,
I wonder if snapshots are already published again after every commit. Currently this doesn't happen anymore, so the CI tests unfortunately don't work anymore either.
Kind regards,
Arjan Tijms
|
By Arjan Tijms
·
|