And my Authenticator.Authenticate method simply decode the authorization http header String to get the username. Accept it if it exists in local databse, send 403 Faces context Response if not.
Well everything works fine (pages.xml, Restrict annotations ...), except that i have serious problems with EntityManager and Session Scoped Bean throwings multiple MethodNotSupportedException on EntityManager.merge() calls.
Using the entityManager.delegate() methods instead will work but it is certainly not secure at all.
So my questions are :
- is there a simpliest method to authenticate users against an HTTP authorization token herited from a proxy? - why entityManager.merge() (not persist, delete or update), throws me on each call a MethodNotSupportedException when everything else seems to work perfectly.