|
39 | 39 | */ |
40 | 40 |
|
41 | 41 | /** |
42 | | - * The main Java EE Security API package. This package |
43 | | - * contains classes and interfaces that span authentication, |
| 42 | + * The main Java EE Security API package. This package contains classes and interfaces that span authentication, |
44 | 43 | * authorization and identity concerns. |
| 44 | + * |
| 45 | + * <h2>EL Support in annotations</h2> |
| 46 | + * |
| 47 | + * This specification supports the use of expression language 3.0 in annotations. This is described in more detail below: |
| 48 | + * |
| 49 | + * <h3>...Definition annotations</h3> |
| 50 | + * |
| 51 | + * The Java EE Security API features several annotations ending on <code>Definition</code> which when used make CDI |
| 52 | + * beans available. For completeness, this concerns the following annotations: |
| 53 | + * |
| 54 | + * <ul> |
| 55 | + * <li>{@link javax.security.enterprise.identitystore.DatabaseIdentityStoreDefinition}</li> |
| 56 | + * <li>{@link javax.security.enterprise.identitystore.LdapIdentityStoreDefinition}</li> |
| 57 | + * <li>{@link javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition}</li> |
| 58 | + * <li>{@link javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition}</li> |
| 59 | + * <li>{@link javax.security.enterprise.authentication.mechanism.http.FormAuthenticationMechanismDefinition}</li> |
| 60 | + * </ul> |
| 61 | + * |
| 62 | + * For all attributes of type <code>String</code> on these annotations expression language 3.0 expressions can be used. |
| 63 | + * All named CDI beans are available to that expression as well as the default classes as specified by EL 3.0 for the |
| 64 | + * {@link ELProcessor}. |
| 65 | + * |
| 66 | + * <p> |
| 67 | + * Expressions can be either immediate (<code>${}</code> syntax), or deferred (<code>#{}</code> syntax). Immediate |
| 68 | + * expressions are evaluated once when the bean instance corresponding to the "...Definition" annotation is actually created. |
| 69 | + * Since such beans are application scoped, that means once for the entire application. Deferred expressions are evaluated in |
| 70 | + * each request where the security runtime needs to use the value of these attributes. |
| 71 | + * |
| 72 | + * <p> |
| 73 | + * Attributes that are documented as being EL alternatives to non-<code>String</code> type |
| 74 | + * attributes (attributes of which the name ends on <code>Expression</code>, hereafter called EL alternative attribute) |
| 75 | + * MUST evaluate to the same type as the attribute they are an alternative to. If the EL alternative attribute has a |
| 76 | + * non empty value, it takes precedence over the attribute which it is an alternative to. |
| 77 | + * |
| 78 | + * <p> |
| 79 | + * The EL alternative attribute MUST contain a valid EL expression. Attributes of type string that are not EL alternative |
| 80 | + * attributes can contain either an expression or a string value that is not an expression. |
| 81 | + * |
| 82 | + * <h3>Interceptor annotations</h3> |
| 83 | + * |
| 84 | + * The Java EE Security API features several annotations with attributes that denote interceptor spec interceptors. |
| 85 | + * For completeness, this concerns the following annotations: |
| 86 | + * |
| 87 | + * <ul> |
| 88 | + * <li>{@link javax.security.enterprise.authentication.mechanism.http.LoginToContinue}</li> |
| 89 | + * <li>{@link javax.security.enterprise.authentication.mechanism.http.RememberMe}</li> |
| 90 | + * </ul> |
| 91 | + * |
| 92 | + * <p> |
| 93 | + * Expression language is supported for these annotations as well, but in a slightly different way. |
| 94 | + * See the javadoc of both these annotations for how the expression language support differs. |
45 | 95 | * |
46 | 96 | * @version 1.0 |
47 | 97 | */ |
48 | 98 | package javax.security.enterprise; |
49 | 99 |
|
| 100 | +import javax.el.ELProcessor; |
0 commit comments