1 Reply Latest reply on Jun 14, 2018 1:39 PM by Jan Kalina

    Elytron vs Soteria in Wildfly13

    Michael Jank Newbie

      Of course the presence of Elytron as new security implementation was expected, but now I am a bit confused finding beside the JAAS JDK mechanism as it seems 2 security implementations in wildfly: Elytron and Soteria.


      I would have assumed that the EE8 API is backed by Elytron somehow, that e.g. FormAuthenticationMechanism implements javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism not org.wildfly.security.http.HttpServerAuthenticationMechanism.

      Whats the reason to have 2 implementations? Is it planned/possible to move the Elytron implementation closer to the standard in upcoming wildfly releases?


      The topic reminds me a bit of comparing the jax-rs Resteasy implementation to Jersey.

      I think I understand that Elytron of course enriches the standard by featuring out-of-the-box authentication mechanisms, identity change, SSL...


      Could you please bring a bit light to

      • if my impression of the parallel existence of Elytron and Soteria is correct
      • future plans with Elytron
      • critical Elytrons features on top of the standard I maybe overlook


      Thank you!

        • 1. Re: Elytron vs Soteria in Wildfly13
          Jan Kalina Newbie

          Hi, yes, the reason why was elytron-specific HttpServerAuthenticationMechanism created is the standard interface has not existed yet. Now when there is a standard, migration to standard HttpAuthenticationMechanism interface can be considered. (At least we had in plan to migrate to standard interface when the standard will be available.)

          1 of 1 people found this helpful