Of course the presence of Elytron as new security implementation was expected, but now I am a bit confused finding beside the JAAS JDK mechanism as it seems 2 security implementations in wildfly: Elytron and Soteria.
I would have assumed that the EE8 API is backed by Elytron somehow, that e.g. FormAuthenticationMechanism implements javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism not org.wildfly.security.http.HttpServerAuthenticationMechanism.
Whats the reason to have 2 implementations? Is it planned/possible to move the Elytron implementation closer to the standard in upcoming wildfly releases?
The topic reminds me a bit of comparing the jax-rs Resteasy implementation to Jersey.
I think I understand that Elytron of course enriches the standard by featuring out-of-the-box authentication mechanisms, identity change, SSL...
Could you please bring a bit light to
Hi, yes, the reason why was elytron-specific HttpServerAuthenticationMechanism created is the standard interface has not existed yet. Now when there is a standard, migration to standard HttpAuthenticationMechanism interface can be considered. (At least we had in plan to migrate to standard interface when the standard will be available.)