Authentication and authorization are the most important aspects of any middleware solution. Any enterprise application should provide a way to authenticate users before letting them in and should also check their authorization before making any functionality available to them.
Although JACC and JASPIC have existed since the early days of Java EE, they have become more complicated as a result of their continuous evolution. Restructuring the Security API was a priority request from Java EE developers over the years and, therefore, the Java Security API 1.0 was introduced in Jakarta EE 8.
In Chapter 9, Securing an Application with Java Security 1.0, we'll learn the concepts and terminology related to this new API and how to get started with it by creating a simple login example. Moreover, we'll take a more in-depth look at basic concepts, such as identity stores, authentication context objects, and authentication mechanisms.