I am creating an simple Jakarta EE 9 app. Because of my own reason, I have to implement my own HttpAuthenticationMechanism (I am not using built-in HttpAuthenticationMechanism CDI beans).
I am having an issue with activating my own HttpAuthenticationMechanism. In my login servlet, I try to call SecurityContext.authenticate(request, response, AuthenticationParameters) to process a login manually, but my own HttpAuthenticationMechanism never get called. It was supposed to be called.
My own HttpAuthenticationMechanism & its annotations
@ApplicationScoped
@Alternative
@jakarta.annotation.Priority(jakarta.interceptor.Interceptor.Priority.APPLICATION)
@AutoApplySession
public class MyOwnHttpAuthenticationMechanism implements HttpAuthenticationMechanism {
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext)
throws AuthenticationException {
// Never called
}
}
As you see, I already added @Alternative and @Priority to activate the bean.
My environment:
- Jakarta EE 9.1
- Wildfly 26 preview for Jakarta EE 9
- I also changed Integrated JASPI from ON to OFF on the Wildfly.
- my jboss-web.xml: < security-domain>jaspitest< /security-domain>
- Java 11
Any helps? Thank you!
