1 Reply Latest reply on Jun 14, 2018 1:39 PM by honza889

    Elytron vs Soteria in Wildfly13

    michael_jank

      Of course the presence of Elytron as the new security implementation was expected, but now I am a bit confused to find, beside the JAAS JDK mechanism, what seem to be 2 security implementations in WildFly: Elytron and Soteria.

       

      I would have assumed that the EE8 API is backed by Elytron somehow, so that e.g. FormAuthenticationMechanism implements javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism, not org.wildfly.security.http.HttpServerAuthenticationMechanism.

      What's the reason to have 2 implementations? Is it planned/possible to move the Elytron implementation closer to the standard in upcoming WildFly releases?

       

      The topic reminds me a bit of comparing the JAX-RS RESTEasy implementation to Jersey.

      I think I understand that Elytron of course enriches the standard by featuring out-of-the-box authentication mechanisms, identity change, SSL...

       

      Could you please shed a bit of light on

      • whether my impression of the parallel existence of Elytron and Soteria is correct
      • future plans for Elytron
      • critical Elytron features on top of the standard that I may be overlooking

       

      Thank you!

        • 1. Re: Elytron vs Soteria in Wildfly13
          honza889

          Hi, yes, the reason why the Elytron-specific HttpServerAuthenticationMechanism was created is that the standard interface did not exist yet. Now that there is a standard, migration to the standard HttpAuthenticationMechanism interface can be considered. (At least we had planned to migrate to the standard interface once the standard became available.)

          1 of 1 people found this helpful