Certificate Identity Store
Since Payara Server 5.194
The Payara API provides the @CertificateIdentityStoreDefinition
and @CertificateAuthenticationMechanismDefinition
annotations that create an identity store and authentication mechanism to authenticate users using the certificate realm.
Usage
The Certificate realm authentication mechanism and identity store are defined through the @CertificateAuthenticationMechanismDefinition
and @CertificateIdentityStoreDefinition
annotations.
Specifying this in a valid place as defined by the Jakarta EE Security API will create the mechanism.
Often this may mean that any class is a valid position.
If a Certificate realm is not found with the defined name then a new Certificate realm is registered on the server using the create-auth-realm
asadmin command,
otherwise the existing Certificate realm instance is used to authenticate the users.
Example
The following code sample illustrates how to configure Certificate realm identity store:
@ApplicationScoped
@ApplicationPath("/rest")
@DeclareRoles({ "a", "b")
@CertificateAuthenticationMechanismDefinition
@CertificateIdentityStoreDefinition("certificate-realm")
public class MyRestApp extends Application {
}
Configuration
The Certificate realm identity store can be configured with both @CertificateIdentityStoreDefinition
annotation attributes and MicroProfile Config properties. The annotation and MicroProfile properties have several configuration options.
They are detailed as shown below.
Option | MP Config property | Description | Default | Required |
---|---|---|---|---|
|
The name of the certificate realm. |
|
||
|
|
The users are assigned membership to these groups for the purposes of authorization decisions. |
Note : If both an annotation attribute and a MicroProfile Config property are defined for the same option
then the MicroProfile Config property value always takes precedence over the @CertificateIdentityStoreDefinition
annotation value.