I started developing on the Java EE platform 15 years ago (yep, you read that right). At that time, the only way to authenticate in a webapp was through a callback. Recent Java EE versions offer alternatives. This post aims at describing both, how they work and their respective benefits.