I am Using Jboss form based Authentication J_security_check. Now I need to use the implicit grant in my application. I want to use both the authentication available based on the user. (custom)
I can get the access token in the callbackUri, Now, I want the access_token to be sent to the J_security_check by passing through the form. Is there a way to send the token into the request header and capture it inside the j_security_check?
You can't add headers with a normal HTML form submit. But you can use AJAX to send a custom POST call.
E.g. using jQuery:
$.ajax({
type: "POST",
url: "j_security_check",
headers: {
'X-access_token': 'value1'
},
data: { j_username: "John", j_password: "Boston" }
})
On the server side, there's usually a Servlet Filter or JAX-RS ContainerRequestFilter or other interceptor that intercepts the access token and translates it into something your security configuration can handle.
See e.g. http://www.mastertheboss.com/jboss-frameworks/keycloak/keycloak-oauth2-example-with-rest-application