Skip to main content
  • Log in
  • Manage Cookies
projects.eclipse.org
Download
  • Projects
  • Working Groups
  • Members
  • Community
    • Marketplace
    • Events
    • Planet Eclipse
    • Newsletter
    • Videos
    • Blogs
  • Participate
    • Report a Bug
    • Forums
    • Mailing Lists
    • Wiki
    • IRC
    • Research
  • Eclipse IDE
    • Download
    • Learn More
    • Documentation
    • Getting Started / Support
    • How to Contribute
    • IDE and Tools
    • Newcomer Forum
  • More
      • Community

      • Marketplace
      • Events
      • Planet Eclipse
      • Newsletter
      • Videos
      • Blogs
      • Participate

      • Report a Bug
      • Forums
      • Mailing Lists
      • Wiki
      • IRC
      • Research
      • Eclipse IDE

      • Download
      • Learn More
      • Documentation
      • Getting Started / Support
      • How to Contribute
      • IDE and Tools
      • Newcomer Forum
    • Search

  1. Home
  2. Projects
  3. Eclipse EE4J
  4. Jakarta Authentication™
  5. 3.0

Jakarta Authentication™ 3.0

Primary tabs

  • Overview(active tab)
  • Release Plan
  • Review Information

The goal of this release is to create a(n additional) Servlet Container Lite profile, and a REST profile. The existing SOAP profile is to be marked as stable. We'd like to update the Java 1.4 API to Java 5 (introduce generics) and clarify some spec text. 

The items are further explained below: 

1. Clarify interactions with other specs ✅

1.1 Clarify that the application Jakarta EE component namespaces (java:app, 
java:comp, etc) should be available from within a ServerAuthModule. 

Practical use case: obtaining application scoped data sources, EJB beans 
and other resources. 

Example: new InitialContext().lookup("java:app/myds") 

1.2 Clarify that the CDI default scopes for web components (@RequestScoped, 
@SessionScoped, etc) should be available from within a SAM. 

Practical use case: obtaining application scoped identity stores 

Example: CDI.current().select(SomeBean.class); // SomeBean is @RequestScoped 

2. Clarify the register session feature 

The spec text regarding how the "register session" feature should work is unclear. 
The spec lead under the JCP clarified this feature at various occasions and made the
remark that the spec should have said something about the groups. These clarifications
should be added to the spec text.

3. Expand the TCK ✅

The TCK is not optimally testing the basics yet, and a few simple (but crucial) tests
should be added.

4. Update the Java SE level ✅

Jakarta Authentication's API is still limited to Java SE 1.4. which feels curiously out of place 
in Jakarta EE 9, let alone Jakarta EE 10.

In practice this mostly boils down to adding generic parameters for the 
various maps Jakarta Authentication passes around. Where it makes sense default methods for 
interfaces could be considered. 

5. Detect invocation via authenticate() ✅

A ServerAuthModule can be called at the start of a request or following a call to 
request#authenticate(). 

A simple key in the message info map would suffice to distinguish between 
those two cases. Various implementations already have such a key in place, 
or have e.g. a boolean for this in the runtime method just before the ServerAuthModule 
is invoked. 

6. Introduce a factory method to register only a ServerAuthModule ✅

The end user of Jakarta Authentication, as well as integrators such as Jakarta Security implementations almost always just care about registering a ServerAuthModule. Yet the AuthConfigFactory only accepts an AuthConfigProvider, which is essentially a "wrapper-wrapper-wrapper-wrapper" of a ServerAuthModule to the end user. A new method should be added to the AuthConfigFactory to only register a ServerAuthModule.

The JDK version required will be aligned with Jakarta EE 10.

Release Date: 
Sunday, May 15, 2022
This release is part of Jakarta 10.
Review: 
3.0 Release Review
Release Type: 
Major release (API breakage)

Project Links

  • Website
Jakarta Authentication™

Related Projects

Project Hierarchy:

  • Eclipse EE4J
  • Jakarta Authentication™

Tags

Technology Types
  • Cloud Native Java
  • Specification

Eclipse Foundation

  • About Us
  • Contact Us
  • Sponsor
  • Members
  • Governance
  • Code of Conduct
  • Logo and Artwork
  • Board of Directors
  • Careers

Legal

  • Privacy Policy
  • Terms of Use
  • Copyright Agent
  • Eclipse Public License
  • Legal Resources

Useful Links

  • Report a Bug
  • Documentation
  • How to Contribute
  • Mailing Lists
  • Forums
  • Marketplace

Other

  • IDE and Tools
  • Projects
  • Working Groups
  • Research@Eclipse
  • Report a Vulnerability
  • Service Status

Copyright © Eclipse Foundation. All Rights Reserved.

Back to the top