I have a custom security module for Java EE applications. It follows the JSR-375 specification and it provides its own IdentityStore, as well as a custom HttpAuthenticationMechanism* and a ContainerRequestFilter.
I've been trying to make it work with a Quarkus microservice, yet it completely ignores my HttpAuthenticationMechanism even though it runs ContainerRequestFilter. It seems like quarkus uses its own HttpAuthenticationMechanism* , and it always overrides my own.
I tried using annotations such as @Provider and @PreMatching, as one can do for a custom ContainerRequestFilter, but the class is still ignored.
Any suggestions?
*Meaning an implementation of javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism, which has nothing to do with the io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism included in quarkus security.
As Ladicek pointed out, Quarkus does not support Jakarta Security, hence that my HttpAuthenticationMechanism is ignored.