I am slowly getting into the dark world of Java EE and understanding Application Servers, Containers and Web applications.
Looking through existing codebases I can see production code referencing "jaspitest" in jboss-web.xml
A search on Github, it appears many other projects, reference this as well:
https://github.com/search?q="jaspitest"&type=code
In the Wildfly configuration it is defined as this:
<security-domain name="jaspitest" cache-type="default">
<authentication-jaspi>
<login-module-stack name="dummy">
<login-module code="Dummy" flag="optional"/>
</login-module-stack>
<auth-module code="Dummy"/>
</authentication-jaspi>
</security-domain>
A simple experiment, deleting this reference to jaspitest breaks all authentication.
What is the purpose of this default configuration, and why is it so prevalent?
What is the historical context of this?
Thanks
There is a detailed blog post about it here: https://arjan-tijms.omnifaces.org/2015/08/activating-jaspic-in-jboss-wildfly.html
tl;dr; JASPIC is a module that needs to get loaded on startup. This block loads it into the security domain so it's available when your app asks for it.