Explore the latest developments in Java EE security with this comprehensive conference talk. Delve into the current state of JSR-375, its major features, and APIs. Learn about the remaining technical issues and potential future enhancements targeting cloud deployments. Gain insights from Will Hopkins, a Security Architect at Oracle Corporation, as he discusses WebLogic Server Security, Java EE Security, and Cloud Security. Discover common principles, HTTP authentication mechanisms, identity store concepts, security contexts, and authentication processes. Examine the results of the Java EE survey and explore emerging topics such as secrets management, encryption, OAuth, and OpenID Connect. Understand the requirements for authorization interceptors and secrets aliases. Find out how to contribute to the ongoing development of Java EE security and stay informed about the latest advancements in this critical field.
Overview
Syllabus
Introduction
Agenda
Expert Group
JSR375 History
Manage Control Security
What was originally proposed
Whats left to do
Common Principles
HTTP Authentication Mechanism
HTTP Authentication Container
Secure Responses
Identity Store
Identity Store Handler
Identity Store Handler Algorithm
Identity Store Discussion
Security Context
Authentication
SecurityContext
Whats Next
Java EE Survey
Secrets Management Encryption
OAuth II
Scopes
Requirements
Authorization Interceptor
Secrets Interceptor
Secrets aliases
More information
How to contribute
OpenID Connect
Taught by
Devoxx
