created on | January 11, 2022 |
The Java Security API 1.0, defined in JSR-375, specifies three HttpAuthenticationMechanisms (HAMs): BASIC, FORM and Custom FORM.
You can configure the HttpAuthenticationMechanism that Payara uses in the by providing the context parameter :
Payara supports three types of HAMs: the HAMs defined in JSR-375, some custom built-in HAMs provided by Payara and custom HAMs provided by the application. The following table lists the possible values for :
value | mechanism |
---|---|
Basic | BasicAuthenticationMechanism |
Form | FormAuthenticationMechanism |
CustomForm | CustomFormAuthenticationMechanism |
JWT | custom Payara JWTAuthenticationMechanism |
Certificate | custom Payara CertificateAuthenticationMechanism |
Azure | custom Payara AzureOpenIdAuthenticationMechanism |
custom Payara GoogleOpenIdAuthenticationMechanism | |
OAuth2 | custom Payara OAuth2AuthenticationMechanism |
any fully qualified class name | HttpAuthenticationMechanism indicated by the classname |
JSR-375 states that an application may provide its own HAM:
"An application MAY supply its own HttpAuthenticationMechanism, if desired."
JSR-375, p. 11
This is crucial if you want to implement the RememberMe function, for which the application must provide a HAM, as specified in JSR-375:
"To use RememberMe, the application must provide an HttpAuthenticationMechanism and annotate the HttpAuthenticationMechanism with the RememberMe annotation."
JSR-375, p. 11
This is where the last value of the table kicks in. Luckily, Payara can be configured to use the implementation of the HAM packaged with your app.
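The following is an added example, not code from this post or from Payara: a minimal application-provided HAM annotated with `@RememberMe`, whose fully qualified class name is what the last table row refers to. The package and class names are hypothetical, and the sketch assumes the application also supplies an `IdentityStore` and a `RememberMeIdentityStore` bean, which JSR-375 requires for issuing and validating the remember-me token.

```java
package com.example.security; // hypothetical package name

import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.enterprise.AuthenticationException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.authentication.mechanism.http.RememberMe;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStoreHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@RememberMe(
    cookieMaxAgeSeconds = 60 * 60 * 24 * 14, // constructed value: 14 days
    cookieSecureOnly = true,                 // send the token cookie over HTTPS only
    cookieHttpOnly = true,                   // keep the token away from page scripts
    isRememberMeExpression = "#{self.isRememberMe(httpMessageContext)}")
@ApplicationScoped
public class AppAuthenticationMechanism implements HttpAuthenticationMechanism {

    @Inject
    private IdentityStoreHandler identityStoreHandler; // delegates to the app's IdentityStore(s)

    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest request,
            HttpServletResponse response, HttpMessageContext context)
            throws AuthenticationException {
        // Credential handed in by the caller, e.g. via SecurityContext.authenticate(...)
        Credential credential = context.getAuthParameters().getCredential();
        if (credential != null) {
            CredentialValidationResult result = identityStoreHandler.validate(credential);
            if (result.getStatus() == CredentialValidationResult.Status.VALID) {
                return context.notifyContainerAboutLogin(result);
            }
            return context.responseUnauthorized(); // bad credentials: fail closed
        }
        // No credential: reject protected resources, let public ones through
        return context.isProtected() ? context.responseUnauthorized() : context.doNothing();
    }

    // Issue the remember-me cookie only when the caller explicitly asked for it
    public Boolean isRememberMe(HttpMessageContext context) {
        return context.getAuthParameters().isRememberMe();
    }
}
```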
Java EE Security API Specification, 1.0 (final) August 2017, Will Hopkins, Arjan Tijms JSR-375
Payara Community Documentation Multiple HttpAuthenticationMechanism in EAR