Package jakarta.security.enterprise

package jakarta.security.enterprise

The main Jakarta Security package. This package contains classes and interfaces that span authentication, authorization and identity concerns.

EL Support in annotations

This specification supports the use of expression language 3.0 in annotations. This is described in more detail below:

...Definition annotations

Jakarta Security features several annotations, with names that end with Definition, which, when used, make CDI beans available. For completeness, this concerns the following annotations:

• DatabaseIdentityStoreDefinition
• LdapIdentityStoreDefinition
• BasicAuthenticationMechanismDefinition
• CustomFormAuthenticationMechanismDefinition
• FormAuthenticationMechanismDefinition

For all attributes of type String on these annotations, as well as in the annotations referenced from them (e.g. @{link jakarta.security.enterprise.authentication.mechanism.http.openid.OpenIdProviderMetadata}), Jakarta Expression Language 3.0 expressions can be used. All named CDI beans are available to that expression, as well as the default classes as specified by Expression Language 3.0 for the ELProcessor.

Expressions can be either immediate (${} syntax), or deferred (#{} syntax). Immediate expressions are evaluated once when the bean instance corresponding to the "...Definition" annotation is actually created. Since such beans are application scoped, that means once for the entire application. Deferred expressions are evaluated in each request where the security runtime needs to use the value of these attributes.

Attributes that are documented as being Expression Language alternatives to non-String type attributes (attributes for which the name ends with Expression, hereafter called Expression alternative attribute) MUST evaluate to the same type as the attribute they are an alternative to. If the Expression alternative attribute has a non empty value, it takes precedence over the attribute which it is an alternative to.

The Expression alternative attribute MUST contain a valid Expression Language expression. Attributes of type string that are not Expression alternative attributes can contain either an expression or a string value that is not an expression.

Jakarta Interceptors annotations

Jakarta Security features several annotations with attributes that denote Jakarta Interceptors. For completeness, this concerns the following annotations:

• LoginToContinue
• RememberMe

Expression Language is supported for these annotations as well, but in a slightly different way. See the javadoc of both these annotations for how the expression language support differs.

Version:

1.0

Related Packages

Package	Description
jakarta.security.enterprise.credential	The Identity Store Credential API package.
jakarta.security.enterprise.identitystore	The identity store API package.

Class	Description
AuthenticationException	A generic authentication exception.
AuthenticationStatus	The AuthenticationStatus is used as a return value by primarily the HttpAuthenticationMechanism to indicate the result (status) of the authentication process.
CallerPrincipal	Principal that represents the caller principal associated with the invocation being processed by the container (e.g.
SecurityContext	The SecurityContext provides an access point for programmatic security; an injectable type that is intended to be used by application code to query and interact with Jakarta Security.