From Java EE 6 on the JASPIC SPI describes how to integrate portable authentication modules into a Java EE server. Unfortunately JASPIC is not a part of the increasingly popular Java EE Web Profile, which greatly limits the true portability of those authentication modules.
Adding the Servlet Container Profile of JASPIC will not add any real new functionality to the Web Profile; Web Profile implementations are already mandated to implement authentication in some way following the requirements of mainly the Servlet specification. Instead, JASPIC will mainly standardize the way in which Web Profile implementations perform authentication and will make sure server authentication modules (SAMs) can be shared between Full- and Web Profile Java EE servers.
In order to increase portability and have a more consistent security model for the Java EE platform, I'd like to propose that the Servlet Container Profile of JASPIC be added to the Java EE Web Profile.
From Java EE 6 on the JASPIC SPI describes how to integrate portable authentication modules into a Java EE server. Unfortunately JASPIC is not a part of the increasingly popular Java EE Web Profile, which greatly limits the true portability of those authentication modules.
Adding the Servlet Container Profile of JASPIC will not add any real new functionality to the Web Profile; Web Profile implementations are already mandated to implement authentication in some way following the requirements of mainly the Servlet specification. Instead, JASPIC will mainly standardize the way in which Web Profile implementations perform authentication and will make sure server authentication modules (SAMs) can be shared between Full- and Web Profile Java EE servers.
In order to increase portability and have a more consistent security model for the Java EE platform, I'd like to propose that the Servlet Container Profile of JASPIC be added to the Java EE Web Profile.