This is another version of my previous blog on JAX-RS and JWT which includes a pinch of Java EE Security API (new JSR in Java EE 8). In case you are completely new to JSR 375, please jump to the last section of this blog and use the resources listed there
But, what’s new ?
Uses the following features powered by the draft JSR 375 implementation available here
- HTTP Basic Authentication
- an Embedded Identity Store
Changes made…
- web.xml does not need the <login-config> element to enforce HTTP Basic Authentication. This is taken care of by the @BasicAuthenticationMechanismDefinition annotation
- No need to define the actual realm, user and groups in the application server security configuration. The container realm used to act as the identity/credential store. This was replaced by implementation of an Embedded Identity Store by JSR 375. All that was required is the declaration of @EmbeddedIdentityStoreDefinition
Note: Java EE Security API also provides options for Database and LDAP as Identity Stores
- POM changes: include the JSR 375 API and its RI
More on JSR 375
- JSR 375 session during Java One 2015: must watch
- Github project: spec, RI, examples, javadocs
- Some more examples by Arjan
- JSR 375 section on Arjan’s Java EE 8 ZEEF page
- Mailing list
Cheers!