Type: New Feature
The validateRequest method of an auth module can be called at the "start" of an HTTP request (before the target resource or any servlet filters are invoked), or it can be called following a call to the Servlet 3.0 HttpServletRequest.authenticate() method.
In some cases it may be necessary for the auth module to distinguish between these cases. One use case is that following a call to HttpServletRequest.authenticate(), the auth module fully runs within the context of the calling code. E.g. if the calling code is a CDI bean backing a JSF view, then both the CDI contexts as well as the Faces context are available to the auth module. An auth module that is created specifically for CDI/JSF may take advantage of this.
It might thus be convenient to have a portable way for the auth module to find out at which of those two different points it's invoked.
Note that WebSphere 8.5 solves this issue by putting a key com.ibm.websphere.jaspi.request in the MessageInfo map, with authenticate as value (see http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/index.jsp?topic=%2Fcom.ibm.websphere.nd.doc%2Fae%2Ftsec_jaspi_create.html step 4).