if (securityRealm != null) {
DomainCallbackHandler callbackHandler = securityRealm.getCallbackHandler();
Class<Callback>[] supportedCallbacks = callbackHandler.getSupportedCallbacks();
if (DigestAuthenticator.requiredCallbacksSupported(supportedCallbacks)) {
auth = new DigestAuthenticator(new AuthenticationProvider(securityRealm), securityRealm.getName(), contains(DigestHashCallback.class,
supportedCallbacks));
} else if (BasicAuthenticator.requiredCallbacksSupported(supportedCallbacks)) {
auth = new BasicAuthenticator(new AuthenticationProvider(securityRealm), securityRealm.getName());
}
if (securityRealm.hasTrustStore()) {
// For this to return true we know we have a trust store to use to verify client certificates.
if (auth == null) {
certAuthMode = CertAuth.NEED;
auth = new ClientCertAuthenticator(new AuthenticationProvider(securityRealm), securityRealm.getName());
} else {
// We have the possibility to use Client Cert but also Username/Password authentication so don't
// need to force clients into presenting a Cert.
certAuthMode = CertAuth.WANT;
}