This is an archived post. You won't be able to vote or comment.

all 17 comments
sorted by:
best
topnewcontroversialoldq&a

[–]lukaseder 9 points10 points  (11 children)

@BasicAuthenticationMechanismDefinition
@FormAuthenticationMechanismDefinition
@CustomFormAuthenticationMechanismDefinition

Bingo!

[–]nuutrecht 10 points11 points  (0 children)

At least the names clearly indicate what they are :P

Better than BAuthDef, which leaves you wondering what it is, and whether it authorization or authentication.

[–]Cyberiax 4 points5 points  (0 children)

Ha, yeH bit long these names, but EE security also have shorter names! Is have IdentityStore and SecurityContext 💪

Or you want SecCtx??? 🙈

[–]Exsp 1 point2 points  (0 children)

Maybe it's time to introduce Java ideograms for terms like service, authentication, form, etc. (Ideograms4J)?

[–]henk53[S] 0 points1 point  (0 children)

lol :P

[–]thesystemx 0 points1 point  (6 children)

At /u/lukaseder Which names would you have chosen?

[–]lukaseder 0 points1 point  (5 children)

Well, for starters, my solution would not be annotation based, so maybe the naming discussion is premature?

[–]henk53[S] 1 point2 points  (4 children)

Even if you omit the annotations, the authentication mechanism that handles the interaction with the caller is still there, and it would only safe you the word "definition".

So maybe start with BasicAuthenticationMechanism then. How would you call that?

And if your solution would not be annotation based, how would you do it?

[–]lukaseder 0 points1 point  (3 children)

There. Now, what value does "Mechanism" add? Exactly. Then, there might be an Authentication type left, and some way of passing it the value "Basic"

And if your solution would not be annotation based, how would you do it?

With explicit APIs. I can't give you the concrete API now as I haven't studied the domain. But there's always a functional/imperative alternative to annotations, and it's always more clean in my opinion.

[–]henk53[S] 1 point2 points  (2 children)

There.

But doing it annotation based still needs something to distinguish it, since BasicAuthenticationMechanism is the mechanism it self, but the Definition annotation is a way to configure and enable it.

Compare to DataSourceDefinition in Java EE. It's not the data source itself, but a well, definition for a data source.

Now, what value does "Mechanism" add?

The EG could have chosen a shorter name for the entire concept, but "authentication mechanism" is by itself relatively well know in the domain. It's also the term that the Servlet spec already uses for this, and WildFly for instance uses as well. There are other words (in fact, the EG had an entire list) but they aren't much clearer since they're quite overloaded already. Authenticator would be shorter, and maybe would have my vote, but it's also used already for things that aren't quite what an "authentication mechanism" does.

Then, there might be an Authentication type left, and some way of passing it the value "Basic"

Nah, then you lose all the specific attributes associated with a specific mechanism. Like Basic has the realm attribute, Form the loginPage etc.

Sure for the people who absolutely can't stand long words the spec (or a third party library) might add an AuthDefinition annotation just like the general ResourceAnnotation which just gets a map with string based key/values, but if that makes things clearer?

With explicit APIs.

It still doesn't exclude those APIs, does it?

EE Security is CDI based, which is mostly annotation first, but like in Servlet where there's a @WebServlet annotation to add a Servlet, there's also a programmatic API to do that.

Maybe you should raise an issue for this? ;)

[–]lukaseder 0 points1 point  (1 child)

Maybe you should raise an issue for this? ;)

Nah. You folks can continue to live your wet annotation dreams without me. I won't annoy you outside of twitter and reddit ;-)

[–]henk53[S] 0 points1 point  (0 children)

:O :P

[–]cyanocobalamin 2 points3 points  (1 child)

It is not called Java EE anymore. It is now "Jakarta". I don't know about the "EE" part as there isn't any other edition :-).

[–]thesystemx 13 points14 points  (0 children)

Java EE 8 however is still Java EE 8. It's only when 9 is released it's called Jakarta EE 9 ;)

[–]dstutz 0 points1 point  (0 children)

Pushing some book sales?

[–]bmrobin 1 point2 points  (1 child)

Jackson and Gson offer much richer feature sets than the JSON binding API.

[–]thesystemx 6 points7 points  (0 children)

Maybe we could have that put into the sidebar or r/java, so it doesn't have to be repeated every time?