'How to activate my own Jakarta HttpAuthenticationMechanism implementation in Jakarta EE app

I am creating an simple Jakarta EE 9 app. Because of my own reason, I have to implement my own HttpAuthenticationMechanism (I am not using built-in HttpAuthenticationMechanism CDI beans).

I am having an issue with activating my own HttpAuthenticationMechanism. In my login servlet, I try to call SecurityContext.authenticate(request, response, AuthenticationParameters) to process a login manually, but my own HttpAuthenticationMechanism never get called. It was supposed to be called.

My own HttpAuthenticationMechanism & its annotations

@ApplicationScoped
@Alternative
@jakarta.annotation.Priority(jakarta.interceptor.Interceptor.Priority.APPLICATION)
@AutoApplySession

public class MyOwnHttpAuthenticationMechanism implements HttpAuthenticationMechanism {

    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext)
            throws AuthenticationException {
        
        // Never called
    }
}

As you see, I already added @Alternative and @Priority to activate the bean.

My environment:

  • Jakarta EE 9.1
  • Wildfly 26 preview for Jakarta EE 9
  • I also changed Integrated JASPI from ON to OFF on the Wildfly.
  • my jboss-web.xml: < security-domain>jaspitest< /security-domain>
  • Java 11

Any helps? Thank you!

javajakarta-eewildfly-26jakarta-ee-security-apijakarta-ee-9javascripthtmlgoogle-chrome-extensionyoutubechrome-extension-manifest-v3


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions