[jboss-user] [Security & JAAS/JBoss] - not getting custom callbackHandler inside the loginmodule!!!
balajiv
do-not-reply at jboss.com
Fri Jun 13 16:31:40 EDT 2008
I have a problem initializing LoginContext with custom CallbackHandler!
Inside my LoginModule class in initialize(..), I am getting different CallbackHandler eventhough I instantiated the LoginContext with custom CallbackHandler.
This is the web app, using JSF components (ICEfaces 1.7) and JBoss 4.2.2GA.
login-config.xml under <jboss4.2.2GA home>/server/default/conf:
| ....
| <application-policy name = "myapp-login-module">
| <authentication>
| <login-module code="com.xyz.security.jaas.MyLoginModule" flag="required">
| </login-module>
| </authentication>
| </application-policy>
| ....
|
web.xml in the WEB-INF folder:
....
| <security-constraint>
| <web-resource-collection>
| <web-resource-name>All resources</web-resource-name>
| <description>Protects all resources</description>
| <url-pattern>/*</url-pattern>
| </web-resource-collection>
| </security-constraint>
| ....
jboss-web.xml
| <jboss-web>
| <context-root>/myapp</context-root>
| <security-domain>java:/jaas/myapp-login-module</security-domain>
| </jboss-web>
faces-config.xml
| ...
| <managed-bean>
| <description>
| user info, implements Principal and has getName()
| </description>
| <managed-bean-name>userProfile</managed-bean-name>
| <managed-bean-class>com.xyz.security.business.UserProfile</managed-bean-class>
| <managed-bean-scope>session</managed-bean-scope>
| </managed-bean>
| ...
| <managed-bean>
| <description>
| this class has login method and instantiates LoginContext with the custom CallbackHandler
| </description>
| <managed-bean-name>appSecurity</managed-bean-name>
| <managed-bean-class>com.xyz.security.jaas.AppSecurity</managed-bean-class>
| <managed-bean-scope>session</managed-bean-scope>
| <managed-property>
| <property-name>userProfile</property-name>
| <value>#{userProfile}</value>
| </managed-property>
| </managed-bean>
| .....
|
AppSecurity.java
...
| public AppSecurity(){
| handler = new MyCallbackHandler();
| }
|
| public void login() throws LoginException{
| LoginContext loginContext = new LoginContext("myapp-login-module", handler);
| loginContext.login();
| }
| ...
|
Our LoginModule class 'MyLoginModule' is not getting custom callback handler inside initialize(...) method. I know, I am doing a big mistake here, please help me out.
Thanks
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4158080#4158080
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4158080
More information about the jboss-user
mailing list