I would like to create (implement by my own) authentication mechanism which will be
plugged into my Java EE application.
As far as I know I have to implement LoginModule and connect this implementation with
container mechanisms somehow. But the problem is that I don't know how to do it.
Maybe You know where I can find sample code or tutorial about it?
In other words I would like to force container to call my classes whenever methods:
authenticate, login, and logout are called.
Sample implementation:
HttpServletRequest.login method will successfully authenticate only users with even numer of letters in login.
After reading about JAAS, you should implement your login module basing on org.jboss.security.auth.spi.AbstractServerLoginModule (from org.picketbox/picketbox maven artifact). Then deploy the module with your app, and create a proper security domain and realm in WildFly's standalone.xml, like such:
<security-domain name="myDomain" cache-type="default">
<authentication>
<login-module code="com.example.TestLoginModule" flag="required"
module="deployment.sample.jar"/>
</authentication>
</security-domain>
...
<security-realm name="MyRealm">
<authentication>
<jaas name="myDomain"/>
</authentication>
</security-realm>
Look out for different behaviour on different JBoss AS versions. 7.1.1 will not allow you to deploy the login module, you would have to create a separate jboss module and bind it with org.picketbox and jboss.security modules.
Additional reading:
https://docs.jboss.org/author/display/WFLY8/Security+subsystem+configuration
https://docs.jboss.org/author/display/WFLY8/Security+Realms
http://java.dzone.com/articles/creating-custom-login-modules (it is a little outdated, but the gives the main idea)
I believe the container independent way of doing this is to use JASPIC (JSR 196). Unfortunately it doesn't appear simple, robust, or particularly well documented. Here is a reference: http://arjan-tijms.blogspot.com/2012/11/implementing-container-authentication.html.
You should research JAAS.
Wikipedia gives a good overview:
http://en.m.wikipedia.org/wiki/Java_Authentication_and_Authorization_Service
This will provide all the info and tutorials you need:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/
Tutorial with sample app:
http://download.java.net/jdk8/docs/technotes/guides/security/jaas/tutorials/GeneralAcnOnly.html
And check this out in SO:
JAAS for human beings
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 姐就是有狂的资本 的文章《Custom Security mechanism in Java EE 6/7 applicati》','https://www.manongdao.com/article-823629.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}