I am creating an simple Jakarta EE 9 app. Because of my own reason, I have to implement my own HttpAuthenticationMechanism (I am not using built-in HttpAuthenticationMechanism CDI beans).
I am having an issue with activating my own HttpAuthenticationMechanism. In my login servlet, I try to call SecurityContext.authenticate(request, response, AuthenticationParameters) to process a login manually, but my own HttpAuthenticationMechanism never get called. It was supposed to be called.
My own HttpAuthenticationMechanism & its annotations
@ApplicationScoped
@Alternative
@jakarta.annotation.Priority(jakarta.interceptor.Interceptor.Priority.APPLICATION)
@AutoApplySession
public class MyOwnHttpAuthenticationMechanism implements HttpAuthenticationMechanism {
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext)
throws AuthenticationException {
// Never called
}
}
As you see, I already added @Alternative and @Priority to activate the bean.
My environment:
- Jakarta EE 9.1
- Wildfly 26 preview for Jakarta EE 9
- I also changed Integrated JASPI from ON to OFF on the Wildfly.
- my jboss-web.xml: < security-domain>jaspitest< /security-domain>
- Java 11
Any helps? Thank you!
Advertisement
Answer
I found out what was wrong. There was NO security domain ‘jaspitest’ in Wildfly 26. This security domain existed in Wildfly before by default, but no longer exists. That was the reason why my own HttpAuthenticationMechanism did not get invoked.
Solution: Use Security Domain ‘other’ instead, OR remove the security-domain tag from jboss-web.xml, OR your own security domain