I'm submitting these comments on behalf of Oracle's WebLogic security team. Section 1.1: Add groups to "security data" in description of Identity Store? Se

I've updated soteria so that it can be published to maven.java.net, and published version 1.0-b08. It's currently only in the "Promoted" repo -- the Glassfish build will see it there -- but I

I see that the Github organization https://github.com/javaee-security-spec still has references to the java.net infrastructure (mailing list and spec page). I don't know who has the proper rights to u

Hi, I tried the provided profile for the tests once again and found out it didn't work anymore. The provided profile only depends on the API and assumed a (Java EE 8) server that has the Java EE Secur

Hi All, I have updated the Soteria version to 1.0-m06-SNAPSHOT. I also used the 1.0-b06 version of the API, and thus updated the imports to reflect the new package structure within API. The work can b

Hi, I don't know if the TCK work for JSR 375 has already started, but since the JSR states it's closed source, I would like to request access to this TCK, so I can validate that it's sufficiently corr

Hi, I noticed that the PRD has been published (thanks for that!), but that write access has not been restored for the Java EE Security API and spec repos. Would be great if that access can be restored

Hope so indeed!

EG: As part of getting ready to publish our artifacts to maven.java.net, I've been looking at the following naming guidelines: https://javaee.github.io/glassfish/wiki-archive/Maven%20Ve

Hi,   As for the groupId, I am not sure, if Bill or others are worried about „javax.security“ being used by other Standards?   JSR 374 and 367 (the first Version of that new Standard) share „javax

Hi All, I was trying to update some examples I have for a presentation with Soteria. But the current code in Github https://github.com/javaee-security-spec/soteria gives me issues. It points to 1.0-m0

Hopefully before Final or better PFD?       As I understood correctly nobody knows. What I heard was that repos with existing GitHub presence will stay at their current location for at least the sho

Hi, As I understood correctly nobody knows. What I heard was that repos with existing GitHub presence will stay at their current location for at least the short term. If that holds for all repos, and

When will the repository be moved to the JavaEE space btw.?   Kind Regards, Werner

Hi, Reviewing the LoginToContinue annotation, it has a "useForwardToLogin" to specify whether a redirect or a forward should be used when the user requests a protected resource. However, behavior of t

Hi Arjan, I removed that to trigger this discussion. I also added some new language about principals requirements in chapter 2, which is now called, "Concepts and General Requiremen

Hello everyone ! My name is Daniel and I'm from Brazil. I started my experiment in the new API shortly and I have a question regarding the xml's that are in the folder WEB-INF like the: Glassfish-web.

The Public Review Draft for JSR-375 has been published, and is available from the JSR-375 site at the JCP (https://jcp.org/en/jsr/detail?id=375). Direct link to the download page:

Hi, noticed the following after a second read: (emphasis mine) I think what's meant here is BASIC and FORM, isn't it? Kind regards, Arjan Tijms

Hi, As requested by Werner, splitting this topic off from the welcome thread. The previous discussion was about the format of the URL pattern and whether Servlet did, or did not define it. As  ment