0

I'm using a Tomcat 10 server with Jakarta 9 and i've got a problem with my HttpAuthenticationMechanism implementation. When I call my servlets, the HttpAuthenticationMechanism is never invoked. I checked Jakarta security, it works well with basic authentication

Implementation Authentitcate Mechanism

@ApplicationScoped
public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {

    @Inject
    private IdentityStoreHandler identityStoreHandler;

    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws     AuthenticationException {
        final String name = request.getParameter("name");
        final String pwd = request.getParameter("password");

        if (name != null && pwd != null ) {

            Password password = new Password(pwd);

            CredentialValidationResult result = identityStoreHandler.validate(
                    new UsernamePasswordCredential(name, password));

            if (result.getStatus() == VALID) {
                return httpMessageContext.notifyContainerAboutLogin(
                        result.getCallerPrincipal(), result.getCallerGroups());
            }
            return httpMessageContext.responseUnauthorized();
        }
        return httpMessageContext.doNothing();
    }

}

Servlet test

@WebServlet("/servlet")
@DeclareRoles({ "admin", "user" })
@ServletSecurity(@HttpConstraint(rolesAllowed = "admin"))
public class TestServlet  extends HttpServlet {

    private static final long serialVersionUID = 1L;

    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.getWriter().write("This is a servlet \n");
    }

}

Pom

<dependencies>
    <!-- Jakarta Platform -->
    <dependency>
        <groupId>jakarta.platform</groupId>
        <artifactId>jakarta.jakartaee-api</artifactId>
        <version>${version.group.jakarta}</version>
    </dependency>

    <!--
        ==============================
        MicroProfile implementation
        ==============================
    -->

    <!-- Config -->
    <dependency>
        <groupId>io.smallrye.config</groupId>
        <artifactId>smallrye-config</artifactId>
        <version>${version.smallrye-config}</version>
    </dependency>

    <!-- OpenAPI -->
    <dependency>
        <groupId>io.smallrye</groupId>
        <artifactId>smallrye-open-api-core</artifactId>
        <version>${version.group.smallrye-openapi}</version>
    </dependency>
    <dependency>
        <groupId>io.smallrye</groupId>
        <artifactId>smallrye-open-api-jaxrs</artifactId>
        <version>${version.group.smallrye-openapi}</version>
    </dependency>
    <dependency>
        <groupId>io.smallrye</groupId>
        <artifactId>jandex</artifactId>
        <version>${version.group.smallrye-jandex}</version>
    </dependency>

    <!-- JWT -->
    <dependency>
        <groupId>io.smallrye</groupId>
        <artifactId>smallrye-jwt</artifactId>
        <version>${version.group.smallrye-jwt}</version>
    </dependency>


    <!--
        ==============================
        Tomcat implementation
        ==============================
    -->
    <!-- CDI 3.0 -->
    <dependency>
        <groupId>org.jboss.weld.servlet</groupId>
        <artifactId>weld-servlet-core</artifactId>
        <version>${version.group.weld}</version>
    </dependency>
    <dependency>
        <groupId>org.jboss.weld.servlet</groupId>
        <artifactId>weld-servlet-shaded</artifactId>
        <version>${version.group.weld}</version>
    </dependency>
    <dependency>
        <groupId>jakarta.enterprise</groupId>
        <artifactId>jakarta.enterprise.cdi-api</artifactId>
        <version>${version.cdi-api}</version>
    </dependency>
    <dependency>
        <groupId>jakarta.inject</groupId>
        <artifactId>jakarta.inject-api</artifactId>
        <version>${version.inject-api}</version>
    </dependency>
    <dependency>
        <groupId>jakarta.interceptor</groupId>
        <artifactId>jakarta.interceptor-api</artifactId>
        <version>${version.interceptor-api}</version>
    </dependency>

    <!-- JPA 3.0 -->
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-core-jakarta</artifactId>
        <version>${version.group.hibernate}</version>
        <exclusions>
            <exclusion>
                <groupId>org.jboss</groupId>
                <artifactId>jandex</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

    <!-- JTA 2.0 -->
    <dependency>
        <groupId>org.jboss.narayana.jta</groupId>
        <artifactId>narayana-jta-jakarta</artifactId>
        <version>${version.narayana-jta}</version>
    </dependency>

    <!-- Bean Validation 3.0 -->
    <dependency>
        <groupId>org.hibernate.validator</groupId>
        <artifactId>hibernate-validator-cdi</artifactId>
        <version>${version.group.hibernate-validator}</version>
    </dependency>
    <dependency>
        <groupId>org.hibernate.validator</groupId>
        <artifactId>hibernate-validator</artifactId>
        <version>${version.group.hibernate-validator}</version>
    </dependency>
    <dependency>
        <groupId>org.hibernate.validator</groupId>
        <artifactId>hibernate-validator-annotation-processor</artifactId>
        <version>${version.group.hibernate-validator}</version>
    </dependency>

    <!-- JAX RS 3.0 -->
    <dependency>
        <groupId>org.jboss.resteasy</groupId>
        <artifactId>resteasy-cdi</artifactId>
        <version>${version.group.resteasy}</version>
    </dependency>
    <dependency>
        <groupId>org.jboss.resteasy</groupId>
        <artifactId>resteasy-servlet-initializer</artifactId>
        <version>${version.group.resteasy}</version>
    </dependency>
    <dependency>
        <!-- JSON-B 2.0 -->
        <groupId>org.jboss.resteasy</groupId>
        <artifactId>resteasy-json-binding-provider</artifactId>
        <version>${version.group.resteasy}</version>
    </dependency>
    <dependency>
        <!-- JSON-P 2.0 -->
        <groupId>org.jboss.resteasy</groupId>
        <artifactId>resteasy-json-p-provider</artifactId>
        <version>${version.group.resteasy}</version>
    </dependency>
    <dependency>
        <groupId>org.jboss.resteasy</groupId>
        <artifactId>resteasy-validator-provider</artifactId>
        <version>${version.group.resteasy}</version>
    </dependency>
    <dependency>
        <groupId>org.jboss.resteasy</groupId>
        <artifactId>resteasy-jaxb-provider</artifactId>
        <version>${version.group.resteasy}</version>
    </dependency>

    <!-- Security 2.0 -->
    <dependency>
        <groupId>org.glassfish.soteria</groupId>
        <artifactId>jakarta.security.enterprise</artifactId>
        <version>${version.soteria}</version>
    </dependency>
    <dependency>
        <groupId>org.omnifaces</groupId>
        <artifactId>exousia</artifactId>
        <version>${version.exousia}</version>
    </dependency>

    <!-- JAXB -->
    <dependency>
        <groupId>com.sun.xml.bind</groupId>
        <artifactId>jaxb-impl</artifactId>
        <version>${version.jabx-impl}</version>
    </dependency>
</dependencies>

I tried to programmatically check if it worked like How to activate my own Jakarta HttpAuthenticationMechanism implementation in Jakarta EE app but without result.

Rashkal
  • 1

0 Answers0