mguimard
commented
7 years ago I didn't find a way to make a JaaS module work along with custom ServerAuthModule as they don't reside in the same application (payara libs / application source). Maybe I'm missing something like a setting to make them work together (thinking to "not required" setting), but that seems tricky to implement.
What we can do, is develop an other custom ServerAuthModule, which takes into account these params, and that could be enabled/disabled from domain settings.
An other great improvement, is to let the server admin choose which authentication modules are enabled/disabled.
before we implemented JWT token auth, it could be possible to configure the system to rely on JaaS module for authentication. We lost this flexibility since the credential validation rely on database stored login/password.
Why not delegate to a JaaS module?