Skip to content
This repository was archived by the owner on Jan 28, 2019. It is now read-only.

Commit c3682ed

Browse files
committed
Will review comments
1 parent e2be185 commit c3682ed

1 file changed

Lines changed: 5 additions & 5 deletions

File tree

src/main/jbake/content/security-intro003a.adoc

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ is called for the response before it is sent. In contrast to the Servlet
5454
Container Profile, `validateRequest()` processing for SOAP messages typically involves
5555
verifying signatures on signed elements, decrypting encrypted elements, and/or
5656
establishing the identity of a SOAP actor based on a token included in the message,
57-
whereas `secureResponse()` typically involves signing and/or encrypting all or part
57+
while `secureResponse()` typically involves signing and/or encrypting elements
5858
of the outbound message.
5959

6060
JASPIC does not define any standard or built-in ServerAuthModules; they must be
@@ -76,7 +76,7 @@ to a web application. It defines three methods that correspond to the methods of
7676
JASPIC `ServerAuthModule`, albeit with slightly different signatures.
7777
An `HttpAuthenticationMechanism` provides similar functionality to a `ServerAuthModule`,
7878
and the Servlet Container uses a special `ServerAuthModule` to invoke the
79-
HttpAuthenticationMechanism's methods, but HttpAuthenticationMechanisms are much
79+
HttpAuthenticationMechanism's methods, but HttpAuthenticationMechanisms are
8080
simpler to write, and to deploy, than are ServerAuthModules.
8181
8282
* `IdentityStore` - This interface defines methods for validating a caller's
@@ -87,17 +87,17 @@ specific order and aggregates the results.
8787
8888
* `RememberMeIdentityStore` - This interface is a variation on the `IdentityStore`
8989
interface, intended specifically to address cases where an authenticated user's
90-
identity should be remembered for an extended period of time so that the caller
90+
identity should be remembered for an extended period of time, so that the caller
9191
can return to the application periodically without needing to present primary
9292
authentication credentials each time.
9393
9494
Implementations of these SPI interfaces are CDI beans, and, as such, applications
9595
can provide implementations that support application-specific authentication
9696
mechanisms, or validate user credentials against application-specific identity stores,
9797
simply by including them in a bean archive that is part of the deployed application.
98-
There are also several standard built-in implementations of `HttpAuthenticationMechanism`
98+
There are also several standard, built-in implementations of `HttpAuthenticationMechanism`
9999
and `IdentityStore` that provide configurable support for common authentication and
100-
credential validation use cases without the need to write custom implementations.
100+
credential validation use cases, without the need to write custom implementations.
101101

102102
Because these SPIs, related annotations, and the CDI deployment mechanism are all
103103
part of standard Java EE, implementations are completely portable (to the extent

0 commit comments

Comments
 (0)