glassfishrobot
commented
11 years ago Reported by arjan_t
Closed glassfishrobot closed 7 years ago
glassfishrobot
commented
11 years ago Reported by arjan_t
glassfishrobot
commented
7 years ago This issue was imported from java.net JIRA JAVAEE_SPEC-22
ldemichiel
commented
7 years ago Fixed as of Java EE 8 Public Review draft.
From Java EE 6 on the JASPIC SPI describes how to integrate portable authentication modules into a Java EE server. Unfortunately JASPIC is not a part of the increasingly popular Java EE Web Profile, which greatly limits the true portability of those authentication modules.
Adding the Servlet Container Profile of JASPIC will not add any real new functionality to the Web Profile; Web Profile implementations are already mandated to implement authentication in some way following the requirements of mainly the Servlet specification. Instead, JASPIC will mainly standardize the way in which Web Profile implementations perform authentication and will make sure server authentication modules (SAMs) can be shared between Full- and Web Profile Java EE servers.
In order to increase portability and have a more consistent security model for the Java EE platform, I'd like to propose that the Servlet Container Profile of JASPIC be added to the Java EE Web Profile.