Skip to main content

Custom Identity Store with Jakarta Security in TomEE

By Jakarta EE, TomEE No Comments

In the previous post, we saw how to use the built-in ‘tomcat-users.xml’ identity store with Apache TomEE. While this identity store is inherited from Tomcat and integrated into Jakarta Security implementation in TomEE, this is usually good for development or simple deployments, but may appear too simple or restrictive for production environments.  This blog will focus on how to implement your own identity store. TomEE can use LDAP or JDBC identity stores out of the box. We will try them out next time. Let’s say you have your own file store or your own data store like an in-memory data…

Read More

Using Tomcat’s `tomcat-users.xml` with Jakarta Security in TomEE

By Jakarta EE, Tomcat, TomEE No Comments

While working on Jakarta EE 10 certification (See announcement Apache Tomee Jakarta EE certified after 10 years, Apache TomEE implemented Jakarta Security specification.  Currently, there is only one implementation used in Glassfish and used by all the other vendors for Jakarta Security. In TomEE, we decided to create an alternative to bring some diversity, and have an Apache implementation. What is Jakarta Security? Jakarta Security defines a standard for creating secure Jakarta EE applications in modern application paradigms. It defines an overarching (end-user targeted) Security API for Jakarta EE Applications. Jakarta Security builds on the lower level Security SPIs defined…

Read More

Understanding Jakarta Security with TomEE

By Apache TomEE, Jakarta EE, Tomcat 2 Comments

There are many blogs explaining how to get Jakarta Security on Tomcat using all sorts of libraries and wiring everything manually. So many opportunities to get it wrong, if you are evaluating or currently using Apache TomEE. In TomEE, the good news is that, like JAX-RS, CDI or Bean Validation, Jakarta Security is out of the box ready to be used like Servlet, and CDI for example. This blog is a high-level view so you have the big picture of the technologies and how they interact with each other in the security landscape. The goal is to be able to…

Read More

JakartaONE Brazil 2020: Como alavancar microservices com TomEE e MicroProfile para ajudar a indústria médica no Brasil.

By Apache TomEE, Jakarta EE, JakartaONE, JakartaONE Brazil, TomEE, Tribers vTour No Comments
No dia 29 de agosto, aconteceu o JakartaOne Livestream Brazil. Foi uma conferência virtual de um dia para desenvolvedores e líderes técnicos trazendo o estado atual e futuro de Jakarta EE e tecnologias relacionadas, com foco no desenvolvimento de aplicativos nativos em nuvem corporativa. A participação foi ótima, com cerca de 200 pessoas conectadas continuamente. Nosso parceiro no Brasil, Rafael Guimares, CEO of GBR Sistemas, falou sobre como eles alavancaram microservices com TomEE para ajudar a indústria médica no Brasil. Graças à sua experiência, a equipe de Rafael foi capaz de construir rapidamente um novo aplicativo para suporte à telemedicina no contexto do Coronavírus (consulta...
Read More

MicroProfile: How it has evolved and where it’s headed?

By Jakarta EE, Java EE, MicroProfile, Open Source No Comments

About a year ago, I wrote a blog post about MicroProfile that explained what it is and why it was created. The explanation of what it is and why it was created is still valuable, but MicroProfle evolves rapidly, so it’s time to talk about where we are at, what’s new, and what to expect in the next few months. MicroProfile Today As per June 2019, MicroProfile 3.0 has been released with the following content.   MicroProfile 1.4 release from last year MicroProfile 3.0 release from this year   Updated versions of Metrics and Health Check introduced breaking API changes….

Read More

MicroProfile JSON Web Token (JWT)

By MicroProfile, Open Source No Comments

In the post, “What is Eclipse MicroProfile”, we explained what Eclipse MicroProfile is and why it’s important. MicroProfile is made up of several specifications. In this post, I’ll explain the JSON Web Tokens (JWT), the MicroProfile JWT specification, and how it can be used to implement stateless security in microservices. I’ll also talk about the extensibility and flexibility of MicroProfile with claims. Tomitribe has been helping companies implement REST services for years and one of the most common problems our clients have is deciding how to implement authentication and authorization. The development of MicroProfile and its use of JWT is…

Read More

What is Eclipse MicroProfile?

By Community, Eclipse Foundation, MicroProfile No Comments
Eclipse MicroProfile defines itself as: The MicroProfile is a baseline platform definition that optimizes Enterprise Java for a microservices architecture and delivers application portability across multiple MicroProfile runtimes.  -- MicroProfile FAQ Java for Enterprise applications are usually built on two options: Spring Framework and Java EE. Java EE created a set of specifications defined first by Sun Microsystems and then by Oracle through the Java Community Process. Specifications were meant to facilitate vendor agnostic development and deployment. During the last 5 years, the Java EE platform has become stable and mature resulting in less frequent releases. Java EE has also...
Read More

Tomitribe at EclipseCon France

By Community, MicroProfile, Open Source No Comments

I had the privilege of being invited to speak at EclipseCon France (June 13th & 14th) about Microprofile, microservices, and JWT.  The conference took place in Toulouse and being from France I have been there a couple of times, but never took the time to enjoy it. The architecture is beautiful, the city clean, and the people nice. Don’t know if it was because it was the beginning of summer or not, but I found the city very active and alive in the evenings. The conference was held at the convention center downtown. The venue is large and well organized. There were…

Read More

TomEE Security Episode 1: Apache Tomcat and Apache TomEE Security Under the Covers

By Apache TomEE One Comment

Introduction and Scope Security is often of great concern and should be high on the list of any project goals. It covers a vast domain and Apache Tomcat, which relates directly to Apache TomEE, is no different in this regard. This first in a series of security related blog posts is not intended to be exhaustive, but aims at providing you with some insight into how Apache Tomcat and Apache TomEE security works. Apache TomEE provides much more than just Servlets or JSP’s, as it does when it comes to the security related elements. The second post will focus more on…

Read More