Notice: Some of the services that support the smooth operation of our websites are still in the process of being restored. As a result, certain features—such as images and committer paperwork—may be temporarily unavailable. Our team is actively working to resolve these issues and restore full functionality as soon as possible.

Thank you for your patience and understanding.

Jakarta Security 3.0

3.0

Description

The goal of this release is to continue adding features and evolving the API. A number of those had been discussed and even had prototype implementations during the development of the previous version, but didn't make it in.

More specifically:

Additional authentication mechanisms:

* Client-cert and Digest SECURITY #120 ❌

* OpenID Connect SECURITY #183 ✅ *

Extended authentication mechanisms:

* Authentication mechanism per URL SECURIY #86 ❌

* User choice of authentication mechanism (login with provider X, login with provider Y, etc) ❌

* Multiple authentication mechanisms (try JWT, fallback to BASIC, etc) ❌



CDI:

* @RolesAllowed alternative ❌

* Easily adding an interceptor to a build-in CDI bean blog ✅/❌



Features

* Authorization modules blog ❌

(*) Note that OpenID Connect builds on OAuth2 by definiton of the OpenID Connect spec, but Jakarta Security has no explicit support for "plain" or "raw" OAuth2.

Conforms To UI/UX Guidelines
Not verified
This release is part of Jakarta 10