Add a workaround in case there is only one mechanism available
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
index c74e76f..7ac4772 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/TomEESecurityServletAuthenticationMechanismMapper.java
@@ -74,10 +74,11 @@
final Set<HttpAuthenticationMechanism> availableBeans = authenticationMechanisms.stream().collect(Collectors.toSet());
availableBeans.removeAll(servletAuthenticationMapper.values());
- availableBeans.remove(defaultAuthenticationMechanism);
+ availableBeans.remove(defaultAuthenticationMechanism); // this our wrapper
if (availableBeans.size() == 1) {
defaultAuthenticationMechanism.setDelegate(availableBeans.iterator().next());
+
} else if (availableBeans.size() > 1) {
throw new IllegalStateException(
"Multiple HttpAuthenticationMechanism found " +
@@ -86,6 +87,11 @@
.collect(toList()) + " " +
"without a @WebServlet association. " +
"Deploy a single one for the application, or associate it with a @WebServlet.");
+
+ } else if (servletAuthenticationMapper.size() == 1) {
+ // don't think it's covered by the spec but sotera seems to support such a case
+ defaultAuthenticationMechanism.setDelegate(servletAuthenticationMapper.values().iterator().next());
+
}
}