[jboss-user] [Security & JAAS/JBoss] - Re: SecurityAssociationCallback returns NULL-Principal in 5.

Arakasi69 do-not-reply at jboss.com
Sun Mar 8 15:05:04 EDT 2009


Hello Anil,

Thanks for your answer.

So, I understood that my CustomLoginModule is responsible for assigning the principal to the 'LisaUser' role in the commit phase. But in the login phase, I can't get the principal from the SecurityAssociationCallback, which works in 4.0.3SP1.

In detail, I call a getUsernameAndPassword() method:

    /**
     * Gather username (principal) and password from the callback handler which should be authenticated
     *
     * @return see main description
     * @throws LoginException
     */
    @Override
    protected Object[] getUsernameAndPassword() throws LoginException
    {
        Object[] info = { null, null };
        // prompt for a username and password
        if (callbackHandler == null)
        {
            throw new LoginException("Error: no CallbackHandler available " + "to collect authentication information");
        }
        LOG.debug("Current callbackHandler " + callbackHandler.toString());

        SecurityAssociationCallback callback = new SecurityAssociationCallback();
        Callback[] callbacks = { callback };
        String username = null;
        try
        {
            callbackHandler.handle(callbacks);

            Principal principal = callback.getPrincipal();
            LOG.debug("'getUsernameAndPassword()' found Principal " + principal);
            if (principal != null)
            {
                m_identity = principal;
                username = m_identity.getName();
            }

            char[] tmpPassword = (char[]) callback.getCredential();
            if (tmpPassword != null)
            {
                m_credential = new char[tmpPassword.length];
                System.arraycopy(tmpPassword, 0, m_credential, 0, tmpPassword.length);
                callback.clearCredential();
            }
        }
        catch (IOException e)
        {
            LoginException le = new LoginException("Failed to get username/password");
            le.initCause(e);
            throw le;
        }
        catch (UnsupportedCallbackException e)
        {
            LoginException le = new LoginException("CallbackHandler does not support: " + e.getCallback());
            le.initCause(e);
            throw le;
        }
        info[0] = username;
        info[1] = m_credential;
        LOG.debug("Found username: " + username);
        return info;
    }

The SecurityAssociationCallbackHandler returns my CustomPrincipal, which I need for additional login information. But in 5.0.x.GA it returns null.

After that, in the commit phase, getRoleSet() will be called, where the principal would be assigned to the role if it's not null.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4216017#4216017
