
Jakarta Security 3.0 Release Review

Type: Release
State: Ongoing
End Date of the Review Period

Reviews run for a minimum of one week. The outcome of the review is decided on this date. This is the last day to make comments or ask questions about this review.

Release

3.0

Description

The goal of this release is to continue adding features and evolving the API. A number of those had been discussed and even had prototype implementations during the development of the previous version, but didn't make it in.

More specifically:

Additional authentication mechanisms:

* Client-cert and Digest SECURITY #120 ❌

* OpenID Connect SECURITY #183 ✅ *

Extended authentication mechanisms:

* Authentication mechanism per URL SECURITY #86 ❌

* User choice of authentication mechanism (login with provider X, login with provider Y, etc) ❌

* Multiple authentication mechanisms (try JWT, fallback to BASIC, etc) ❌



CDI:

* @RolesAllowed alternative ❌

* Easily adding an interceptor to a built-in CDI bean blog ✅/❌



Features

* Authorization modules blog ❌

(*) Note that OpenID Connect builds on OAuth2 by definition of the OpenID Connect spec, but Jakarta Security has no explicit support for "plain" or "raw" OAuth2.

Conforms To UI/UX Guidelines: Not verified
This release is part of Jakarta 10