Skip navigation links

Package jakarta.security.enterprise

The main Jakarta Security package.

See: Description

Package jakarta.security.enterprise Description

The main Jakarta Security package. This package contains classes and interfaces that span authentication, authorization and identity concerns.

EL Support in annotations

This specification supports the use of expression language 3.0 in annotations. This is described in more detail below:

...Definition annotations

Jakarta Security features several annotations, with names that end with Definition, which, when used, make CDI beans available. For completeness, this concerns the following annotations: For all attributes of type String on these annotations, as well as in the annotations referenced from them (e.g. @{link jakarta.security.enterprise.authentication.mechanism.http.openid.OpenIdProviderMetadata}), Jakarta Expression Language 3.0 expressions can be used. All named CDI beans are available to that expression, as well as the default classes as specified by Expression Language 3.0 for the ELProcessor.

Expressions can be either immediate (${} syntax), or deferred (#{} syntax). Immediate expressions are evaluated once when the bean instance corresponding to the "...Definition" annotation is actually created. Since such beans are application scoped, that means once for the entire application. Deferred expressions are evaluated in each request where the security runtime needs to use the value of these attributes.

Attributes that are documented as being Expression Language alternatives to non-String type attributes (attributes for which the name ends with Expression, hereafter called Expression alternative attribute) MUST evaluate to the same type as the attribute they are an alternative to. If the Expression alternative attribute has a non empty value, it takes precedence over the attribute which it is an alternative to.

The Expression alternative attribute MUST contain a valid Expression Language expression. Attributes of type string that are not Expression alternative attributes can contain either an expression or a string value that is not an expression.

Jakarta Interceptors annotations

Jakarta Security features several annotations with attributes that denote Jakarta Interceptors. For completeness, this concerns the following annotations:

Expression Language is supported for these annotations as well, but in a slightly different way. See the javadoc of both these annotations for how the expression language support differs.

Skip navigation links