Skip to content
Advertisement

How to activate my own Jakarta HttpAuthenticationMechanism implementation in Jakarta EE app

I am creating an simple Jakarta EE 9 app. Because of my own reason, I have to implement my own HttpAuthenticationMechanism (I am not using built-in HttpAuthenticationMechanism CDI beans).

I am having an issue with activating my own HttpAuthenticationMechanism. In my login servlet, I try to call SecurityContext.authenticate(request, response, AuthenticationParameters) to process a login manually, but my own HttpAuthenticationMechanism never get called. It was supposed to be called.

My own HttpAuthenticationMechanism & its annotations

@ApplicationScoped
@Alternative
@jakarta.annotation.Priority(jakarta.interceptor.Interceptor.Priority.APPLICATION)
@AutoApplySession

public class MyOwnHttpAuthenticationMechanism implements HttpAuthenticationMechanism {

    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext)
            throws AuthenticationException {
        
        // Never called
    }
}

As you see, I already added @Alternative and @Priority to activate the bean.

My environment:

  • Jakarta EE 9.1
  • Wildfly 26 preview for Jakarta EE 9
  • I also changed Integrated JASPI from ON to OFF on the Wildfly.
  • my jboss-web.xml: < security-domain>jaspitest< /security-domain>
  • Java 11

Any helps? Thank you!

Advertisement

Answer

I found out what was wrong. There was NO security domain ‘jaspitest’ in Wildfly 26. This security domain existed in Wildfly before by default, but no longer exists. That was the reason why my own HttpAuthenticationMechanism did not get invoked.

Solution: Use Security Domain ‘other’ instead, OR remove the security-domain tag from jboss-web.xml, OR your own security domain

User contributions licensed under: CC BY-SA
5 People found this is helpful
Advertisement