Java EE Security API Moving Forward

The Java EE Security API (JSR 375) is moving forward, as summarised by Arjan Tijms here: http://arjan-tijms.omnifaces.org/p/whats-new-in-java-ee-security-api-10.html.

One thing to note is that we now have a name for the reference implementation, namely Soteria. The name originates from Greek Mythology where Soteria was the goddess of safety and salvation [Wikipedia]. Our Soteria can be found on GitHub (https://github.com/javaee-security-spec/soteria) and also has a Twitter handle. Follow @Soteria_RI.

The Soteria GitHub repo contains a couple of samples that demonstrates the features implemented so far. I have created a couple of additional examples where I combine Soteria with other Java EE technologies, such as MVC and JSF. These can be found in https://github.com/ivargrimstad/security-samples.

As the following code shows, it is fairly straightforward to define an embedded identity store for an MVC 1.0 application.

@EmbeddedIdentityStoreDefinition({
    @Credentials(callerName = "hem", password = "cheese", groups = {"foo"}),
    @Credentials(callerName = "haw", password = "cheeze", groups = {"foo", "bar"})}
)
@DeclareRoles({"foo", "bar"})
@ApplicationPath("ui")
public class ApplicationConfig extends Application {

    @Override
    public Set<Class<?>> getClasses() {
        Set<Class<?>> classes = new HashSet<>();
        // add controllers
        return classes;
    }

The examples will be evolved as the specification and Soteria continues to evolve.

Java EE Security API Moving Forward

| Architecture & Security, Server Side Java| 1,020 views | 1 Comment
About The Author
- Ivar Grimstad is a Java Champion, JUG Leader and software architect focusing on Enterprise Java. He is participating in the Java Community Process as a member of the Expert Groups for JSR 368 (JMS 2.1), JSR 371 (MVC 1.0), JSR 375 (Java EE Security API). He is also a member of the NetBeans Dream Team. He has been working with Java since the beginning and has over the years tried out everything from lightweight mobile applications to large scale enterprise applications. His experience covers all aspects of designing architectures based on a variety of technologies including standard Java EE as well as other frameworks such as Spring and a variety of open source products. Ivar is always focusing on quality and on using the right tools and technologies for the right task to optimize the software development process. Ivar is a frequent speaker at international developer conferences.

1 Comment

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>