| created on | January 11, 2022 |
The Java Security API 1.0, defined in JSR-375, specifies three HAM (HttpAuthenticationMechanism): BASIC, FORM and Custom FORM.
You can configure the HttpAuthenticationMechanism that Payara uses in the by providing 1the context parameter :
Payara supports three types of HAMs: the HAMs defined in JSR-375, some custom built-in HAMs provided by Payara and custom HAMs provided by the application. The following table lists the possible values for :
| value | mechanism |
|---|---|
| Basic | BasicAuthenticationMechanism |
| Form | FormAuthenticationMechanism |
| CustomForm | CustomFormAuthenticationMechanism |
| JWT | custom Payara JWTAuthenticationMechanism |
| Certificate | custom Payara CertificateAuthenticationMechanism |
| Azure | custom Payara AzureOpenIdAuthenticationMechanism |
| custom Payara GoogleOpenIdAuthenticationMechanism | |
| OAuth2 | custom Payara OAuth2AuthenticationMechanism |
| any fully qualified class name | HttpAuthenticationMechanism indicated by the classname |
JSR-375 states that an application may provide ist own HAM:
"An application MAY supply its own HttpAuthenticationMechanism, if desired."
JSR-375, p. 11
which is crucial if you want to implement the RememberMe function. For the RememberMe function the application must provide an HAM, as specified in JSR-375:
"To use RememberMe, the application must provide an HttpAuthenticationMechanism and annotate the HttpAuthenticationMechanism with the RememberMe annotation."
JSR-375, p. 11
This is where the last value of the table kicks in. Luckily, Payara can be configured to use the implementation of the HAM packaged with your app.