Java EE Security API Moving Forward
The Java EE Security API (JSR 375) is moving forward, as summarised by Arjan Tijms here: http://arjan-tijms.omnifaces.org/p/whats-new-in-java-ee-security-api-10.html.
One thing to note is that we now have a name for the reference implementation, namely Soteria. The name originates from Greek Mythology where Soteria was the goddess of safety and salvation [Wikipedia]. Our Soteria can be found on GitHub (https://github.com/javaee-security-spec/soteria) and also has a Twitter handle. Follow @Soteria_RI.
The Soteria GitHub repo contains a couple of samples that demonstrates the features implemented so far. I have created a couple of additional examples where I combine Soteria with other Java EE technologies, such as MVC and JSF. These can be found in https://github.com/ivargrimstad/security-samples.
As the following code shows, it is fairly straightforward to define an embedded identity store for an MVC 1.0 application.
@EmbeddedIdentityStoreDefinition({ @Credentials(callerName = "hem", password = "cheese", groups = {"foo"}), @Credentials(callerName = "haw", password = "cheeze", groups = {"foo", "bar"})} ) @DeclareRoles({"foo", "bar"}) @ApplicationPath("ui") public class ApplicationConfig extends Application { @Override public Set<Class<?>> getClasses() { Set<Class<?>> classes = new HashSet<>(); // add controllers return classes; }
The examples will be evolved as the specification and Soteria continues to evolve.
Reference: | Java EE Security API Moving Forward from our JCG partner Ivar Grimstad at the agilejava.eu blog. |