soteria
Soteria, a Jakarta Security implementation
Hi, we used Eclipse Soteria in our project and after migration to 3.0 (Jakarta EE 10) our project failed to compile because these public methods were removed: import static org.glassfish.soteria.mechanisms.jaspic.Jaspic.deregisterServerAuthModule;...
`JSF 3.0.2 + Weld 4.0.2 + Soteria 2.0.1 on Tomcat 10.0.14 on latest OpenJDK 17` Soteria prints the following line in the log during Tomcat startup: `[org.glassfish.soteria.servlet.SamRegistrationInstaller onStartup] Initializing Soteria...
When trying to get auth0, I clone this project and add some debug info the following piece in the https://github.com/eclipse-ee4j/soteria/blob/master/impl/src/main/java/org/glassfish/soteria/mechanisms/openid/domain/AccessTokenImpl.java#L63, the `jwtClaimsSet.getClaims()` is possible when tokenJWT is an EncryptedJWT. ```java try...
SubjectParser is not returning custom principals from EJBContext. SecurityContext.getCallerPrincipal delegates to [EJBContext.getCallerPrincipal](https://github.com/eclipse-ee4j/soteria/blob/24a427c19f3600e1738946c2d46ec904842e0549/impl/src/main/java/org/glassfish/soteria/authorization/spi/impl/SubjectParser.java#L451) which obtains the custom principal correctly. This principal is then not returned because it is not of CallerPrincipal...
On an OIDC Callback i.e. http://localhost:8080/MyApplication/index.html?code=0.AXMAlS8XEZqje0-SJMahHR5cJCFY7Ad5WTJDkKCbZUg-0LdzAH8.... the following line (160) in HttpServletRequestDelegator.java `String[] values = requestData.getParameters().get(name);` throws a java.lang.NullPointerException when accessing a request parameter which is not in the GET...
The beanClass attribute of CDI beans is currently configured in a way that results in incorrectly identifying implementation class of synthetic beans. The beanClass attribute of beans is used by...
When trying to get auth0, I clone this project and add some debug info the following piece in the https://github.com/eclipse-ee4j/soteria/blob/master/impl/src/main/java/org/glassfish/soteria/mechanisms/openid/domain/AccessTokenImpl.java#L63, it always failed, but there is no helpful error message....
I tried to use EL in `@OpenIdProviderMetadata/jwksURI`, but it failed due to a failure to resolve the EL in the string. I think all attributes in @OpenIdProviderMetadata should accept EL....
Glassfish 7.0.0-M7, Java 17 Sample project: https://github.com/hantsy/jakartaee10-sandbox/tree/master/security-oidc When running this by `mvn clean package cargo:run`, and navigate to http://localhost:8080/security-oidc-examples/ It will pop up a browser basic prompt to input username...
It would be better to review how much needs to be eagerly loaded and how much can be deferred until deemed necessary for the deployment. Although identified due to the...