[wildfly-dev] New security sub-project: WildFly Elytron

arjan tijms arjan.tijms at gmail.com
Thu Jun 5 05:50:46 EDT 2014


Hi,

On Thu, Jun 5, 2014 at 10:50 AM, Darran Lofthouse <
darran.lofthouse at jboss.com> wrote:

> +1 Recently looking at how different JDBC driver vendors, and different
> JDK vendors interpret the use of JAAS for Kerberos propagation there are
> a lot of different interpretations of the same spec / APIs!!
>

JAAS, and especially JAAS in Java EE, is not the universal standard you may
think it is. Some parts are interpreted differently, but other parts are
just not specified. How to store a username and roles in the "bag of
principals" that the Subject is, is particularly notorious. I wrote a post
about that subject (no pun) here:
http://arjan-tijms.blogspot.com/2014/02/jaas-in-java-ee-is-not-universal.html

I wonder btw if any of the work done for this WildFly Elytron project (and
previous work done for Picketbox/link) could possibly be used for feedback
on how to improve the security APIs in Java EE itself. Has this ever been
considered?

Kind regards,
Arjan