Java EE 8 Authentication and Authorization -- a Podcast Episode with Arjan Tijms 📎
An airhacks.fm conversation with Arjan (@arjan_tijms) about:
"Starting programming with Commodore 64, blog interview about zeef, "Programming in Basic" with the age of 7, Phillips P2000, Simons Basic, Assembly on Commodore 64, defaulting to C, weird main function in C, developing a database to maintain Judo progress and expenses, being a CEO of a kid organization to sell goods on free markets with other kids, SGI Indy, helping sister with recursion in Java, advertisements on websites with awin startup, OrionServer, Java Servlet Development Kit (JSDK) 1.0, Sun One Application Server, Trifork Application Server, Java EE is like operating system for business components, counting cycles for method invocations, From OrionServer to Tomcat, 3 views per server in a 2-3 node cluster, cutting libraries by moving from Tomcat to JBoss in 2 weeks, zanox.de buys awin, discussion about polyglot programming, parsing gigabytes of XML, founding Zeef.com with ten developers, monatenization challenges, starting as tech lead at Payara, JASPIC, JAAS, JACC, from form login to authenticated and authorised user, the relation between JAAS and JAAC, JAAS is about code security and code trust, in JAAC the code is trusted and the user is not trusted, JASPIC is the authentication mechanism, Java EE 8 security is the syntactic sugar around existing security specs, the simplest possible authentication with JSR-375 / Java EE 8 Security, IdentityStores vs. Realm, basic authentication and realm clarification, IdentityStore was missing in Java EE, the whole JSR-375 spec is about 12 classes, the difference between security group and roles, 1:1 role to group mapping is default in Java EE 8."
Arjan's blog, Arjan on omnifaces blog and @omnifaces.