Java EE Security API is one of the new APIs in Java EE 8. With Java EE currently being transferred and rebranded to Jakarta EE, this API will soon be rebranded to Jakarta Security, which is the term we'll use in this article. Jakarta Security is part of the Jakarta APIs, included and active in the Payara Platform by default with no configuration required in order to use it. With some effort, Jakarta Security can be used with Tomcat, as well.  

Payara Tools 1.0 Eclipse Plugin just got a small, but important update for JDK 11 users.

Summer is coming, and Payara Platform 192 is already here! Here's a sampling of the new features, enhancements, fixes, and updates you can expect in this release:

 

 

Java EE 8 introduced a new API called the Java EE Security API (see JSR 375) or "EE Security" in short.

 

This new API, perhaps unsurprisingly given its name, deals with security in Java EE.  Security in Java EE is obviously not a new thing though, and in various ways it has been part of the platform since its inception.

 

So what is exactly the difference between EE Security and the existing security facilities in Java EE? In this article we'll take a look at that exact question.

 

Payara and GlassFish have supported classic remote EJB since its inception. Classic remote EJB uses RMI-IIOP (Remote Method Invocation over Internet Inter-ORB Protocol ) for transport and CSIv2 (Common Secure Interoperability Protocol Version 2) for security.

 

Today Eclipse GlassFish 5.1 has been released, and unlike the modest increase in version number might suggest, this truly marks a major milestone. Not just for the GlassFish project itself, but for Java EE and moving Jakarta EE forward even more.

As presumably well known by now, Java EE is in progress of being transferred to the Eclipse Foundation. A lot of work, partially behind the scenes, has been done to make his happen. This work included discussions between vendors and other interested individuals, the vetting of the code in the Java EE repo at GitHub, actually transferring the code from the Java EE repo to the Eclipse repo, and most recently the preparation of the transferred code to be buildable on Eclipse Foundation infrastructure and changing the Maven coordinates over from javax.* to jakarta.*

 

Java SE comes with many security primitives upon which Java EE builds. JAAS for instance is a well known API in this context, from which Java EE uses the Principal, Subject and to some degree the LoginModule types. The Java EE security APIs JACC and JASPIC make direct use of these types.