"Basically, we need access to HttpservletRequest, HttpservletResponse and ServletContext object in Elytron's HttpServerAuthenticationMechanism. Its too abstract to do any custom implementation. Is there are an option to get access to these objects?"
Provided that you have the ServletFilter in place (that I described earlier) then any servlet objects required by your authentication mechanism can be made available as an attachment to the exchange scope (which exposes any request attributes as an attachment).
e.g.
public class ExchangeScopeAttachmentFilter implements jakarta.servlet.Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
request.setAttribute(ServletRequest.class.getName(), request);
request.setAttribute(ServletResponse.class.getName(), response);
chain.doFilter(request, response);
}
}
You can then access the servlet request/response objects as exchange scope attachments in your HttpServetAuthenticationMechanism:
e.g.
public void evaluateRequest(HttpServetRequest request) {
HttpScope scope = request.getScope(Scope.EXCHANGE);
HttpServetRequest req = scope.getAttachment(ServletRequest.class.getName(), HttpServletRequest.class);
HttpServetResponse resp = scope.getAttachment(ServletResponse.class.getName(), HttpServletReponse.class);
ServletContext context = req.getServletContext();