title | date | summary |
---|---|---|
Jakarta Authorization 2.1 (under development) |
2021-05-19 |
Release for Jakarta EE 10 |
Jakarta Authorization defines a low-level SPI for authorization modules, which are repositories of permissions facilitating subject based security by determining whether a given subject has a given permission, and algorithms to transform security constraints for specific containers (such as Jakarta Servlet or Jakarta Enterprise Beans) into these permissions.
The primary goal of this release is to make Jakarta Authorization more suitable for cloud deployments, by adding an option to add policy providers programmatically for a single application. This mirrors the API available for Jakarta Authentication.
More specifically:
- Register a policy provider programmatically per application AUTHORIZATION #98
- getPolicyConfiguration without open requirement AUTHORIZATION #53
- Add methods to the PolicyConfiguration to read permissions AUTHORIZATION #52
The JDK version required will be aligned with Jakarta EE 10.