Topics

Application Client and Security 1.0?


Kevin Sutter
 

Hi,
Looking at Figure EE.2-1 and I see that Security 1.0 is listed as part of the Application Client.  I knew about the discussion to include Security 1.0 in the Web Profile.  I was not aware of it being included in the App Client.  I don't know if I have strong opinions one way or the other on this one...  But, if it is meant to be included in the App Client, then don't we also have to include JASPIC in the app client (due to the dependency of Security on JASPIC)?

Was the inclusion of Security in the App Client discussed and I missed it?  In any case, an update to the Figure will be required to get the App Client definition properly updated.  Is this Figure the only location where the specific content of the App Client is defined?

Thanks,
Kevin


Arjan Tijms
 

Hi Kevin,

I know nothing about support for the Application Client Container and Java EE Security. To be honest, I don't know much about the ACC at all, but doesn't it work via a kind of automatic remote EJB?

At the very least, JASPIC nor Java EE Security have any kind of support for remote EJB. This was discussed, but because of resources constraints in the JSR 375 EG as well as the deemphasis of (remote) EJB and the ACC we decided not to pursue standardisation for the 1.0 release of the Java EE Security API.

Kind regards,
Arjan Tijms


Linda DeMichiel
 

Hi Kevin,

This looks like a cut-and-paste bug. 

Table EE.6-1 indicates that Security 1.0 is not a requirement for Application Clients.

Thanks again for your diligence in reviewing the spec.

-Linda


On 6/6/17, 1:19 PM, Kevin Sutter wrote:
Hi,
Looking at Figure EE.2-1 and I see that Security 1.0 is listed as part of the Application Client.  I knew about the discussion to include Security 1.0 in the Web Profile.  I was not aware of it being included in the App Client.  I don't know if I have strong opinions one way or the other on this one...  But, if it is meant to be included in the App Client, then don't we also have to include JASPIC in the app client (due to the dependency of Security on JASPIC)?

Was the inclusion of Security in the App Client discussed and I missed it?  In any case, an update to the Figure will be required to get the App Client definition properly updated.  Is this Figure the only location where the specific content of the App Client is defined?

Thanks,
Kevin