Java 8 has brought to the table Java EE Security API which is truly a great step forward in this. But what this is, is a rebranding, but not a totally casual one. Now, the Jakarta Security is automatically going to be there when you use the Payara platform. Security is a very important thing, but the thing is that securing server platforms can be rather complex. As there are a lot of moving parts, both in terms of hardware and software. That does make things quite a bit more complicated.
That’s where this particular API comes as a true solution to this. You’re going to have full standardization which will make it easy to reconfigure all security measures.
The question that comes after this is – where does Payara exactly come into the picture. And that’s pretty simple, once you start using the Payara server platform. The Jakarta security is going to come with that by default.
So, let’s get into the article further and cover more details on this.
Commission of Tomcat with Soteria Upfront in Java EE Security API
When talking of Jakarta security, I must mention that this is based out of the Jakarta EE. But the real question is whether it is going to work with Tomcat or not. As both of these are pretty popular in the tech community. And people have been wondering about this for some time as of now.
Let’s talk about Tomcat a little bit, before we get into anything else in this. This particular server technology uses the Servlet, the Servlet Container Profile to be specific.
The language of expression in this case is also going to be there.And because of this you’ll need to add CDI with Tomcat.
Now, there’s going to be no need to make any inclusion of any kind of dependency of APIs.
Only thing is that, it should be enough for running the operations and making sure that they’re working properly.
But while that’s going on, there’s a hack that I must point out here, which a lot users apply. And that has to do with the Servlet with which you’re going to be able to override the classes. Just copy the CdiUtils.java file of off the Soteria source into a package of the same name.
As this is operational, the different bits and components are going to start picking up into the server log. You’re going to see a dialogue box which is going to ask you to carry out the browser extension. So, you’ll have to do it from there only.
Using the JWT Authentication Mechanism with Java EE Security API
In order for this to work, it’s the Payara MP JWT that’s going to come into play. Where this is going to be the first MP JWT from the standard API only.
But the thing is that, it will make all the dependencies from the list rely on the APIs completely.
The list that is coming into play here is the pom.xml list. And there is going to be a complete dependency section there. Now as far as the request for this goes, we’re going to have JWT token in the authorisation header section.
Other than that, the JACC dependency is the one that is going to be missing by default. Soteria makes use of this to implement the functions of the Jakarta security. The best thing that the Tomcat part can do here is to implement the Servlet from here.
To get close to that, you can put together the web.xml by yourself. And then look up the security annotations from there only.
But if I have to mention what the best thing to do is in this case. Then it’s definitely Tomcat implementing the Servlet extensions by itself. And now, the public edition of the Soteria SPI would be able to make the best out of these APIs.
Jakarta Security working with the Payara Platform
To make these two work together, there’s nothing different that you should do. There are a lot of step by step video tutorials which you can consult to make things work.
With that, you’ll be able to implement all of these things together and get all the benefits from that. You can also adopt the manual approach to make Jakarta Security work with Tomcat.
But more or less, this is going to be rather simple combination to use for handling all data.
Thus you can see that this is a great thing that has happened in server technology. From this, there are a lot of cool possibilities that are going to come up.
We’ll get to see more and more big companies adopt the use of this, for the ultimate technological advantage. And there’s going to be a total trickle down from there where SMEs will use this as well.
So, this is all that you need to know about Java EE Security API. And then how this would fit into the bigger technological future.