{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 爷的心禁止访问 的问题《Custom Security mechanism in Java EE 6/7 applicati》','https://www.manongdao.com/q-671403.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I would like to create (implement by my own) authentication mechanism which will be plugged into my Java EE application.
As far as I know I have to implement LoginModule and connect this implementation with container mechanisms somehow. But the problem is that I don't know how to do it. Maybe You know where I can find sample code or tutorial about it?
In other words I would like to force container to call my classes whenever methods: authenticate, login, and logout are called.
Sample implementation: HttpServletRequest.login method will successfully authenticate only users with even numer of letters in login.
You should research JAAS.
Wikipedia gives a good overview: http://en.m.wikipedia.org/wiki/Java_Authentication_and_Authorization_Service
This will provide all the info and tutorials you need: http://docs.oracle.com/javase/7/docs/technotes/guides/security/
Tutorial with sample app: http://download.java.net/jdk8/docs/technotes/guides/security/jaas/tutorials/GeneralAcnOnly.html
And check this out in SO: JAAS for human beings
After reading about JAAS, you should implement your login module basing on org.jboss.security.auth.spi.AbstractServerLoginModule (from org.picketbox/picketbox maven artifact). Then deploy the module with your app, and create a proper security domain and realm in WildFly's standalone.xml, like such:
...
Look out for different behaviour on different JBoss AS versions. 7.1.1 will not allow you to deploy the login module, you would have to create a separate jboss module and bind it with org.picketbox and jboss.security modules.
Additional reading: https://docs.jboss.org/author/display/WFLY8/Security+subsystem+configuration
https://docs.jboss.org/author/display/WFLY8/Security+Realms
http://java.dzone.com/articles/creating-custom-login-modules (it is a little outdated, but the gives the main idea)
I believe the container independent way of doing this is to use JASPIC (JSR 196). Unfortunately it doesn't appear simple, robust, or particularly well documented. Here is a reference: http://arjan-tijms.blogspot.com/2012/11/implementing-container-authentication.html.