Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security

[arjan tijms <arjan.tijms@xxxxxxxxx>]

Hi,

On Fri, Nov 4, 2022 at 9:11 PM Dominic Büchner <dbuechner93@xxxxxxxxx> wrote:

the worst would be referencing to MP JWT because MP depends on some Jakarta Libs and so ther is a chance to introduce cyclic dependencies and how knows what problemes can a raise through that.

It might indeed not be the best way to reference MP JWT, but the referencing would not be very direct by literally including a pom or so with explicit libraries.

The idea would be to reference it with prose only, saying Jakarta Security should support an authentication mechanism that behaves just like the one described by MP JWT.

Something like this is done for the FORM authentication mechanism:

"FORM - Authenticates according to the mechanism as described in 13.6.3, "Form Based Authentication", in [SERVLET60]. This bean is activated and configured via the @FormAuthenticationMechanismDefinition annotation."

See https://jakarta.ee/specifications/security/3.0/jakarta-security-spec-3.0.html#annotations-and-built-in-httpauthenticationmechanism-beans

Kind regards,

Arjan Tijms