Header based stateless token authentication for JAX-RS
Authentication is a topic that comes up often for web applications. The Java EE spec supports authentication for those via the Servlet and JASPIC specs, but doesn't say too much about how to...
View ArticleOmniFaces 2.0 RC2 available for testing
After an intense debugging session following the release of OmniFaces 2.0, we have decided to release one more release candidate; OmniFaces 2.0 RC2. For RC2 we mostly focused on TomEE 2.0...
View ArticleOmniFaces 2.0 released!
After a poll regarding the future dependencies of OmniFaces 2.0 and tworelease candidates we're proud to announce that today we've finally released OmniFaces 2.0. OmniFaces 2.0 is a direct continuation...
View ArticleJSF and MVC 1.0, a comparison in code
One of the new specs that will debut in Java EE 8 will be MVC 1.0, a second MVC framework alongside the existing MVC framework JSF. A lot has been written about this. Discussions have mostly been about...
View ArticleJava EE authorization - JACC revisited part I
A while ago we took a look at container authorization in Java EE, which we saw was taken care of by a specification called JACC. We saw that JACC offered a clear standardized hook into what's often...
View ArticleJava EE authorization - JACC revisited part II
This is the second part of a series where we revisit JACC after taking an initial look at it last year. In the first part we somewhat rectified a few of the disadvantages that were initially discovered...
View ArticleThe most popular upcoming Java EE 8 technologies according to ZEEF users
I maintain a page on zeef.com about the upcoming Java EE 8 specification. On this page I collect all interesting links about the various sub-specs that will be updated or newly introduced in EE 8. The...
View ArticleThe most popular Java EE servers in 2014/2015 according to OmniFaces users
For a little over 3 months (from half of November 2014 to late February 2015) we had a poll on the OmniFaces website asking what AS (Application Server) people used with OmniFaces (people could select...
View ArticleJava EE authorization - JACC revisited part III
This is the third and final part of a series where we revisit JACC after taking an initial look at it last year. In the first part we mainly looked at various role mapping strategies, while the main...
View ArticleHow Java EE translates web.xml constraints to Permission instances
It's a well known fact that in Java EE security one can specify security constraints in web.xml. It's perhaps a little lesser known fact that in full profile Java EE servers those constraints are...
View ArticleTesting JASPIC 1.1 on IBM Liberty EE 7 beta
In this article we take a look at the latest April 2015 beta version of IBM's Liberty server, and specifically look at how well it implements the Java EE authentication standard JASPIC. The initial...
View ArticleOmniFaces 2.1-RC1 has been released!
We are proud to announce that OmniFaces 2.1 release candidate 1 has been made available for testing. OmniFaces 2.1 is the second release that will depend on JSF 2.2 and CDI 1.1 from Java EE 7. Since...
View ArticleClik here to view.
Diving into the unknown: the JEUS application server
There are quite a number of Java EE implementations. At the open source front JBoss, GlassFish and increasingly TomEE are very well known. On the commercial side there's WebLogic, WebSphere and...
View ArticleClik here to view.
NEC's WebOTX - a commercial GlassFish derivative
In a previous article we took a look at an obscure Java EE application server that's only known in Korea and virtually unknown everywhere else. Korea is not the only country that has a national...
View ArticleOmniFaces 2.1 released!
We're proud to announce that today we've released OmniFaces 2.1. OmniFaces is a utility library for JSF that provides a lot of utilities to make working with JSF much easier. OmniFaces 2.1 is the...
View ArticleJSF 2.3 new feature: registrable DataModels
Iterating components in JSF such as h:dataTable and ui:repeat have the DataModel class as their native input type. Other datatypes such as List are supported, but these are handled by build-in...
View ArticleActivating JASPIC in JBoss WildFly
JBoss WildFly has a rather good implementation of JASPIC, the Java EE standard API to build authentication modules. Unfortunately there's one big hurdle for using JASPIC on JBoss WildFly; it has to be...
View ArticleHow Servlet containers all implement identity stores differently
In Java EE security two artefacts play a major role, the authentication mechanism and the identity store. The authentication mechanism is responsible for interacting with the caller and the...
View ArticleThe state of portable authentication for GlassFish, Payara, JBoss/WildFly,...
Almost exactly 3 years ago I took an initial look at custom container authentication in Java EE. Java EE has a dedicated API for this called JASPIC. Even though JASPIC was a mandatory part of Java EE,...
View ArticleLatest versions Payara and WildFly improve Java EE 7 authentication compliance
Two months ago we looked at the state of portable authentication for GlassFish, Payara, JBoss/WildFly, WebLogic and Liberty in Java EE 7. With the exception of WebLogic 12.2.1, most servers performed...
View Article
