Ondro Mihályi

Hi @hantsy , I agree with @pzygielo, this isn't an issue in GlassFish. It looks like Derby DB doesn't support the `WEEK` function. I recommend to either raise an issue...

@hantsy , what @pzygielo means it that the `ClassNotFoundException` happens on the Arquillian (test client) side, because GlassFish throws an exception of type `org.apache.derby.client.am.SqlException`, which Arquillian tries to serialize to...

For now, I think what best documents it is the TCK test and some hints in the Javadoc: * The Javadoc for [SecurityContext.hasAccessToWebResource()](https://jakarta.ee/specifications/security/3.0/apidocs/jakarta.security/jakarta/security/enterprise/securitycontext#hasAccessToWebResource(java.lang.String,java.lang.String...)) contains the following in the documentation of...

I think this is also related: https://github.com/jakartaee/security/issues/188 We should think about what we're trying to address here and find the best solution that addresses most issues. E.g., the usecase I'd...

Is there any progress with this issue? I created this proposal to support injection of built-in authentication mechanisms into a custom mechanism, which could be a light-weight solution to having...

> The "handler" is the one that handles the multiple other authentication mechanisms. A default can be provided (that just calls the one and only available one) with default behaviour...

So, what do you think about my proposal in https://github.com/jakartaee/security-examples/pull/11 about injecting built-in auth mechanisms into a custom HAM? I think it's a simpler solution than supporting a HAM strategy....

I also have an example test in Soteria here, with slightly modified API, which doesn't require changes in Security API: https://github.com/OndroMih/soteria/blob/ondromih-auth-mech-injection-proposal/test/app-auth-mech-injection/src/main/java/org/glassfish/soteria/test/client/DelegatingAuthMechanism.java#L23 It doesn't pass because Soteria doesn't implement it yet,...

I think that the combination of https://github.com/jakartaee/security/issues/309 and https://github.com/jakartaee/security/issues/311 already addresses this. The combination of those allows creating 2 different authentication mechanisms, or just define 2 standard auth mechanisms annotated...

@m-reza-rahman, I think that this is also a good base for aligning MP JWT and Jakarta Security. The only thing missing is to have an authentication mechanism compatible with MP...