I have a simple app deployed with a few JSPs. The example is described here and the sample files are here. If I try to access localhost:7001/FormBasedApp/protected/protected.jsp, it redirects me to the login.jsp as expected.
I created a custom authenticator and repeated the exercise. I expected my LoginModule to get called, but it doesn't (it doesn't call any other login modules either, not even the for the default authenticator so it seems like a config problem instead of a problem with my module which never hits a breakpoint). It looks like WebLogic only calls login modules after something is submitted on login.jsp (it hits my breakpoint and other login modules as well).
My goal is to allow access based on a custom token. However, for that to work, I need WebLogic to go to my LoginModule where I can process the token and add a Subject and Principals without going through login.jsp first. Ideally a user should be able to hit any protected file directly as long as they have a valid token.
What piece of configuration am I missing? I've tried a custom Identity Asserter like this one, and the logic all works, but it still only triggers for me when going through a login page and not directly to a URL.
Thanks!