This document outlines a presentation about security in Java EE applications. It discusses the history of security in Java EE, from the pre-modern era with basic authentication to the modern era with standards like JASPIC and the new Security API in EE8. The presentation covers how JASPIC allowed developers to customize authentication by implementing ServerAuthModules. It also explains how the Security API simplifies security with concepts like IdentityStores and built-in authentication mechanisms that can be customized through extension points.
31. slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Register JASPIC ServerAuthModule?
Step #4
• Create MyServerAuthContext implements ServerAuthContext
• Creates authentication module ServerAuthModule
Tijms, A. (2012, November 7). Implementing container authentication in Java EE with JASPIC.
Retrieved from http://arjan-tijms.omnifaces.org/2012/11/implementing-container-authentication.html
32.
Register JASPIC ServerAuthModule?
Step #5
• Create MyServerAuthModule implements ServerAuthModule
• This is where you finally put your code
• Building a Principal
• Getting roles/groups
• EE6 goal was flexibility
Tijms, A. (2012, November 7). Implementing container authentication in Java EE with JASPIC.
Retrieved from http://arjan-tijms.omnifaces.org/2012/11/implementing-container-authentication.html
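A sketch of the Step #5 module, added here as an example; it is not code from the presentation or from the thoth-jaspic repository. It assumes the javax.* (Java EE 8 and earlier) API, HTTP Basic credentials, a hypothetical UserDirectory interface passed in by MyServerAuthContext, and a placeholder realm name "example".

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.message.*;
import javax.security.auth.message.callback.*;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.*;
public class MyServerAuthModule implements ServerAuthModule {
    // Hypothetical credential store (an assumption): returns the caller's groups, or null if rejected.
    public interface UserDirectory { String[] groupsFor(String user, String password); }
    private static final String IS_MANDATORY = "javax.security.auth.message.MessagePolicy.isMandatory";
    private final UserDirectory directory;
    private CallbackHandler handler; // supplied by the container in initialize()
    public MyServerAuthModule(UserDirectory directory) { this.directory = directory; }
    @Override public void initialize(MessagePolicy req, MessagePolicy res, CallbackHandler h, Map options) { handler = h; }
    @Override public Class[] getSupportedMessageTypes() { return new Class[] { HttpServletRequest.class, HttpServletResponse.class }; }
    @Override public AuthStatus validateRequest(MessageInfo info, Subject client, Subject service) throws AuthException {
        HttpServletRequest request = (HttpServletRequest) info.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) info.getResponseMessage();
        boolean mandatory = Boolean.parseBoolean(String.valueOf(info.getMap().get(IS_MANDATORY)));
        String header = request.getHeader("Authorization");
        try {
            Callback[] callbacks = null; // stays null unless the caller is accepted
            if (header != null && header.startsWith("Basic ")) {
                String[] pair = new String(Base64.getDecoder().decode(header.substring(6)), StandardCharsets.UTF_8).split(":", 2);
                String[] groups = pair.length == 2 ? directory.groupsFor(pair[0], pair[1]) : null;
                if (groups != null) // building the Principal and handing over its roles/groups
                    callbacks = new Callback[] { new CallerPrincipalCallback(client, pair[0]),
                                                 new GroupPrincipalCallback(client, groups) };
            } else if (!mandatory) { // unprotected resource, no credentials: anonymous caller
                callbacks = new Callback[] { new CallerPrincipalCallback(client, (Principal) null) };
            }
            if (callbacks == null) { // fail closed: credentials missing or rejected
                response.setHeader("WWW-Authenticate", "Basic realm=\"example\"");
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return AuthStatus.SEND_FAILURE;
            }
            handler.handle(callbacks); // the container turns the callbacks into its own Principal and roles
            return AuthStatus.SUCCESS;
        } catch (IOException | UnsupportedCallbackException | IllegalArgumentException e) {
            throw (AuthException) new AuthException("authentication failed").initCause(e);
        }
    }
    @Override public AuthStatus secureResponse(MessageInfo info, Subject service) { return AuthStatus.SEND_SUCCESS; }
    @Override public void cleanSubject(MessageInfo info, Subject subject) { if (subject != null) subject.getPrincipals().clear(); }
}
```

The container calls validateRequest on every request, including ones for unprotected resources, which is why the module checks the isMandatory key before deciding to challenge.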
43.
So what’s the catch?
• JASPIC ignored when EE6 came out
• Overshadowed
  • Web-Profile
  • CDI
  • JAX-RS
• Pre-EE8
  • Full-profile only
• Vendor support of open standard is tricky
Tijms, A. (2016, December 04). The state of portable authentication in Java EE, end 2016 update.
Retrieved from http://arjan-tijms.omnifaces.org/2016/12/the-state-of-portable-authentication-in.html