Security Connectors
Security Connectors are a collection of Jakarta EE Security adapters that implements industry-standard security protocols, specifications and integrates with third-party security artifacts & components.
The available connectors on Maven central are:
OpenId Connect Client
Implements OpenId Connect standard protocol by implementing Jakarta EE Security
HTTP Authentication Mechanism
and Identity Store
for authentication & authorization using @OpenIdAuthenticationDefinition
annotation
and also provides access to the user’s profile info, Identity token, Access token,
& Refresh token using CDI-based injection.
Maven Coordinates: fish.payara.security.connectors:security-connector-oidc-client
OAuth 2.0 Client:
Implements OAuth 2.0 standard protocol by implementing Jakarta EE Security
HTTP Authentication Mechanism
and Identity Store
for authorization using @OAuth2AuthenticationDefinition
annotation and provides
access to the Identity token and Access token using CDI-based injection.
Maven Coordinates: fish.payara.security.connectors:security-connector-oauth2-client
Payara Platform Enterprise also provides the built-in Yubikey Authentication Mechanism. This allows authentication through a hardware device. This type of authentication removes some need of using credentials and requires authenticating using a physical token in a very secure way. |
Standalone Variants of Connectors
Standalone connectors provide the same functionality as standard connectors. But while the standard connectors are built to be integrated with Payara Platform runtimes (e.g. Payara Server), the standalone connectors are built to be safely included in the applications deployed to a Payara Platform runtime without any conflicts with the connectors in the runtime. This is done by shading the classes in the connector and all its dependencies so that is in a different package name.
Adding a Standalone Connector
A standalone connector can be added to your application as a JAR library (or as a compile-time dependency in a WAR Maven project). To use it, follow the documentation of the standard connectors but use the fish.payara.security.connectors
package instead of the fish.payara.security
to import the classes.
OpenID Connect standalone connector has a standalone variant. For more information, click here. |
If you’d like to use a newer version of a connector on one of the Payara Platform runtimes which already contains an older version of the container, you need to either add a standard container into your application and disable classloading delegation (Disabling Classloading delegation) or add a standalone variant of the container in your application. |