@@ -54,7 +54,7 @@ is called for the response before it is sent. In contrast to the Servlet
5454Container Profile, `validateRequest()` processing for SOAP messages typically involves
5555verifying signatures on signed elements, decrypting encrypted elements, and/or
5656establishing the identity of a SOAP actor based on a token included in the message,
57- whereas `secureResponse()` typically involves signing and/or encrypting all or part
57+ while `secureResponse()` typically involves signing and/or encrypting elements
5858of the outbound message.
5959
6060JASPIC does not define any standard or built-in ServerAuthModules; they must be
@@ -76,7 +76,7 @@ to a web application. It defines three methods that correspond to the methods of
7676JASPIC `ServerAuthModule` , albeit with slightly different signatures.
7777An `HttpAuthenticationMechanism` provides similar functionality to a `ServerAuthModule` ,
7878and the Servlet Container uses a special `ServerAuthModule` to invoke the
79- HttpAuthenticationMechanism's methods, but HttpAuthenticationMechanisms are much
79+ HttpAuthenticationMechanism's methods, but HttpAuthenticationMechanisms are
8080simpler to write, and to deploy, than are ServerAuthModules.
8181
8282* `IdentityStore` - This interface defines methods for validating a caller's
@@ -87,17 +87,17 @@ specific order and aggregates the results.
8787
8888* `RememberMeIdentityStore` - This interface is a variation on the `IdentityStore`
8989interface, intended specifically to address cases where an authenticated user's
90- identity should be remembered for an extended period of time so that the caller
90+ identity should be remembered for an extended period of time, so that the caller
9191can return to the application periodically without needing to present primary
9292authentication credentials each time.
9393
9494 Implementations of these SPI interfaces are CDI beans, and, as such, applications
9595can provide implementations that support application-specific authentication
9696mechanisms, or validate user credentials against application-specific identity stores,
9797simply by including them in a bean archive that is part of the deployed application.
98- There are also several standard built-in implementations of `HttpAuthenticationMechanism`
98+ There are also several standard, built-in implementations of `HttpAuthenticationMechanism`
9999and `IdentityStore` that provide configurable support for common authentication and
100- credential validation use cases without the need to write custom implementations.
100+ credential validation use cases, without the need to write custom implementations.
101101
102102Because these SPIs, related annotations, and the CDI deployment mechanism are all
103103part of standard Java EE, implementations are completely portable (to the extent
0 commit comments