search

jakartaee / security

Jakarta Security
https://projects.eclipse.org/projects/ee4j.security
Other
47 stars 39 forks source link

Provide a simple in-memory identity store as per #289 #304

Closed arjantijms closed 12 months ago

arjantijms commented 12 months ago

This store is mostly intended for test purposes and to get started as per #289

darranl commented 12 months ago

I don't really see why this needs to be a part of the specification, the nature of the specification means projects can be set up independently to provide test resources.

Although mentioned as being for testing application servers that then omit this in production would be considered non-spec compliant?

arjantijms commented 12 months ago

I don't really see why this needs to be a part of the specification

The reason is that people who just start with Jakarta Security can add an identity store using a simple annotation. Setting up the database and ldap stores take some time, so it's just easier to start with this.

Also don't forget that almost every server out there has something akin to an in-memory identity store. Clearly there is demand, otherwise why do these servers have them? I.e. in GlassFIsh we have the FileRealm. Even WildFly has the filesystem-realm. Tomcat has something like it too.

So the question should be really the other way around perhaps? Why would you not see this being part of the specification?