created on | January 11, 2022 |
The Java Security API 1.0, defined in JSR-375, specifies three HAM (HttpAuthenticationMechanism): BASIC, FORM and Custom FORM.
You can configure the HttpAuthenticationMechanism that Payara uses in the by providing 1the context parameter :
Payara supports three types of HAMs: the HAMs defined in JSR-375, some custom built-in HAMs provided by Payara and custom HAMs provided by the application. The following table lists the possible values for :
value | mechanism |
---|---|
Basic | BasicAuthenticationMechanism |
Form | FormAuthenticationMechanism |
CustomForm | CustomFormAuthenticationMechanism |
JWT | custom Payara JWTAuthenticationMechanism |
Certificate | custom Payara CertificateAuthenticationMechanism |
Azure | custom Payara AzureOpenIdAuthenticationMechanism |
custom Payara GoogleOpenIdAuthenticationMechanism | |
OAuth2 | custom Payara OAuth2AuthenticationMechanism |
any fully qualified class name | HttpAuthenticationMechanism indicated by the classname |
JSR-375 states that an application may provide ist own HAM:
"An application MAY supply its own HttpAuthenticationMechanism, if desired."
JSR-375, p. 11
which is crucial if you want to implement the RememberMe function. For the RememberMe function the application must provide an HAM, as specified in JSR-375:
"To use RememberMe, the application must provide an HttpAuthenticationMechanism and annotate the HttpAuthenticationMechanism with the RememberMe annotation."
JSR-375, p. 11
This is where the last value of the table kicks in. Luckily, Payara can be configured to use the implementation of the HAM packaged with your app.