jakarta.security.enterprise.package-info Maven / Gradle / Ivy
/*
* Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* This Source Code may also be made available under the following Secondary
* Licenses when the conditions for such availability set forth in the
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
* version 2 with the GNU Classpath Exception, which is available at
* https://www.gnu.org/software/classpath/license.html.
*
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
*/
/**
* The main Jakarta Security package. This package contains classes and interfaces that span authentication,
* authorization and identity concerns.
*
* EL Support in annotations
*
* This specification supports the use of expression language 3.0 in annotations. This is described in more detail
* below:
*
* ...Definition annotations
*
* Jakarta Security features several annotations, with names that end with Definition, which, when used,
* make CDI beans available. For completeness, this concerns the following annotations:
*
*
* - {@link jakarta.security.enterprise.identitystore.DatabaseIdentityStoreDefinition}
* - {@link jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition}
* - {@link jakarta.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition}
* - {@link jakarta.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition}
* - {@link jakarta.security.enterprise.authentication.mechanism.http.FormAuthenticationMechanismDefinition}
*
*
* For all attributes of type String on these annotations, Jakarta Expression Language 3.0 expressions can
* be used. All named CDI beans are available to that expression, as well as the default classes as specified by
* Expression Language 3.0 for the {@link ELProcessor}.
*
*
* Expressions can be either immediate (${} syntax), or deferred (#{} syntax). Immediate
* expressions are evaluated once when the bean instance corresponding to the "...Definition" annotation is actually
* created. Since such beans are application scoped, that means once for the entire application. Deferred expressions
* are evaluated in each request where the security runtime needs to use the value of these attributes.
*
*
* Attributes that are documented as being Expression Language alternatives to non-String type attributes
* (attributes for which the name ends with Expression, hereafter called Expression alternative attribute) MUST
* evaluate to the same type as the attribute they are an alternative to. If the Expression alternative attribute has a non
* empty value, it takes precedence over the attribute which it is an alternative to.
*
*
* The Expression alternative attribute MUST contain a valid Expression Language expression. Attributes of type
* string that are not Expression alternative attributes can contain either an expression or a string value
* that is not an expression.
*
*
Jakarta Interceptors annotations
*
* Jakarta Security features several annotations with attributes that denote Jakarta Interceptors. For completeness,
* this concerns the following annotations:
*
*
* - {@link jakarta.security.enterprise.authentication.mechanism.http.LoginToContinue}
* - {@link jakarta.security.enterprise.authentication.mechanism.http.RememberMe}
*
*
*
* Expression Language is supported for these annotations as well, but in a slightly different way. See the javadoc of
* both these annotations for how the expression language support differs.
*
* @version 1.0
*/
package jakarta.security.enterprise;
import jakarta.el.ELProcessor;