How to use

HttpAuthenticationMechanism

in

javax.security.enterprise.authentication.mechanism.http

@Override
public void cleanSubject(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) {
  getWrapped().cleanSubject(request, response, httpMessageContext);
}

@Override
public AuthenticationStatus secureResponse(HttpServletRequest request, HttpServletResponse response,
    HttpMessageContext httpMessageContext) throws AuthenticationException {
  return getWrapped().secureResponse(request, response, httpMessageContext);
}

@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response,
    HttpMessageContext httpMessageContext) throws AuthenticationException {
  return getWrapped().validateRequest(request, response, httpMessageContext);
}

status = CDI.current()
      .select(HttpAuthenticationMechanism.class).get()
      .validateRequest(
        msgContext.getRequest(), 
        msgContext.getResponse(), 

/**
 * Called in response to a {@link HttpServletRequest#logout()} call.
 *
 */
@Override
public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
  HttpMessageContext msgContext = new HttpMessageContextImpl(handler, messageInfo, subject);
  
  CDI.current()
    .select(HttpAuthenticationMechanism.class).get()
    .cleanSubject(msgContext.getRequest(), msgContext.getResponse(), msgContext);
}

@Override
public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
  HttpMessageContext msgContext = new HttpMessageContextImpl(handler, messageInfo, null);
  try {
    AuthenticationStatus status = CDI.current()
                     .select(HttpAuthenticationMechanism.class).get()
                     .secureResponse(
                       msgContext.getRequest(), 
                       msgContext.getResponse(), 
                       msgContext);
    AuthStatus authStatus = fromAuthenticationStatus(status);
    if (authStatus == AuthStatus.SUCCESS) {
      return AuthStatus.SEND_SUCCESS;
    }
    return authStatus;
  } catch (AuthenticationException e) {
    throw (AuthException) new AuthException("Secure response failure in HttpAuthenticationMechanism").initCause(e);
  } finally {
    if (cdiPerRequestInitializer != null) {
      cdiPerRequestInitializer.destroy(msgContext.getRequest());
    }
  }
}

status = CDI.current()
      .select(HttpAuthenticationMechanism.class).get()
      .validateRequest(
        msgContext.getRequest(), 
        msgContext.getResponse(), 

/**
 * Called in response to a {@link HttpServletRequest#logout()} call.
 *
 */
@Override
public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
  HttpMessageContext msgContext = new HttpMessageContextImpl(handler, messageInfo, subject);
  
  CDI.current()
    .select(HttpAuthenticationMechanism.class).get()
    .cleanSubject(msgContext.getRequest(), msgContext.getResponse(), msgContext);
}

@Override
public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
  HttpMessageContext msgContext = new HttpMessageContextImpl(handler, messageInfo, null);
  try {
    AuthenticationStatus status = CDI.current()
                     .select(HttpAuthenticationMechanism.class).get()
                     .secureResponse(
                       msgContext.getRequest(), 
                       msgContext.getResponse(), 
                       msgContext);
    AuthStatus authStatus = fromAuthenticationStatus(status);
    if (authStatus == AuthStatus.SUCCESS) {
      return AuthStatus.SEND_SUCCESS;
    }
    return authStatus;
  } catch (AuthenticationException e) {
    throw (AuthException) new AuthException("Secure response failure in HttpAuthenticationMechanism").initCause(e);
  } finally {
    if (cdiPerRequestInitializer != null) {
      cdiPerRequestInitializer.destroy(msgContext.getRequest());
    }
  }
}