Jakarta Security 3.0

3.0

Description

The goal of this release is to continue adding features and evolving the API. A number of those had been discussed and even had prototype implementations during the development of the previous version, but didn't make it in.

More specifically:

Additional authentication mechanisms:

* Client-cert and Digest SECURITY #120 ❌

* OpenID Connect SECURITY #183 ✅ *

Extended authentication mechanisms:

* Authentication mechanism per URL SECURIY #86 ❌

* User choice of authentication mechanism (login with provider X, login with provider Y, etc) ❌

* Multiple authentication mechanisms (try JWT, fallback to BASIC, etc) ❌



CDI:

* @RolesAllowed alternative ❌

* Easily adding an interceptor to a build-in CDI bean blog ✅/❌



Features

* Authorization modules blog ❌

(*) Note that OpenID Connect builds on OAuth2 by definiton of the OpenID Connect spec, but Jakarta Security has no explicit support for "plain" or "raw" OAuth2.

Conforms To UI/UX Guidelines
Not verified
This release is part of Jakarta 10