=== Interaction with other specifications
When this profile is used as part of a Jakarta EE compatible implementation, the requirements as stated in the sub-sections below MUST be satisfied.
When this profile is NOT used in a Jakarta EE compatible implementation, but this implementation uses one or more of the specifications as outlined in the sub-sections below,
then the requirements as stated in the relevant sub-sections SHOULD be satisfied.
==== Availability of Jakarta EE component namespaces
The Jakarta EE JNDI component namespaces (`java:global`, `java:app`, `java:module`, `java:comp`) MUST be made available to code running in the context of a call to
`validateRequest`, `secureResponse` and `cleanSubject` on the acquired `ServerAuthContext`.
A practical use case for this is obtaining (application scoped) data sources, which a `ServerAuthModule` could use to validate credentials.
Example:
```
new InitialContext().lookup("java:app/myds")
```
==== Availability of CDI scopes
The CDI built-in scopes according to "2.4.1. Built-in scope types" of the CDI specification MUST be made available to code running in the context of a call to
`validateRequest`, `secureResponse` and `cleanSubject` on the acquired `ServerAuthContext`.
A practical use case for this is obtaining application scoped identity stores, which a `ServerAuthModule` could use to validate credentials.
Example:
```
CDI.current().select(SomeBean.class); // SomeBean is @RequestScoped
```
Note that it is a non-requirement that a `ServerAuthModule` is itself a CDI managed bean, and as such it is not required that services such as injection using the `@Inject` annotation are
available to a `ServerAuthModule`. It is only required that programmatic lookup such as shown in the example above works correctly.
The above text was one that we had essentially prepared a long time ago (just before EE 7 initially), but it never made it into the spec text.
Kind regards,
Arjan