Effectively, that is what SPNEGO does. So does NTLM. Neither protocol is as simple as just getting some credentials and then validating them.
The server sends an authorization header. The client responds with a token. That token is validated, wrapped, and sent back to the client. The client returns a final token which can be used to get identifying user attributes.
That's why I felt that I needed to take the seemingly strange approach that I took. I'm always interested in hearing about ways to improve what I've done, so please don't stop using a critical eye on this stuff.
Thanks!
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3967345#3967345
Does it mean you want a SASL kind of infrastructure wherein the server issues challenges that the client will try to satisfy?
|sasl client| -----Here I am-------------------> |Sasl Server|
|sasl client| <----Challenge 1------------------ |Sasl Server|
|sasl client| -----Challenge 1 resp------------> |Sasl Server|
|sasl client| <----Challenge 2------------------ |Sasl Server|
|sasl client| -----Challenge 2 resp------------> |Sasl Server|
|sasl client| <----Welcome to Neverland--------- |Sasl Server|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3967338#3967338
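The challenge/response loop from the diagram above, as an added example that is not from any participant in this thread. It uses the JDK's javax.security.sasl API with the DIGEST-MD5 mechanism, chosen here only because the JDK ships it and it needs two passes; the class name, host, user and secret are constructed for the demo, and a real server would look up the secret for the name it is handed.

```java
import javax.security.auth.callback.*;
import javax.security.sasl.*;

public class SaslMultiPassDemo {
    static final String HOST = "server.example";               // constructed name
    static final String USER = "alice";                        // constructed account
    static final char[] STORED = "s3cret-demo".toCharArray();  // constructed secret

    // Same handler shape for both ends; only the password source differs.
    static CallbackHandler handler(char[] password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(USER);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else if (cb instanceof RealmCallback) {
                    ((RealmCallback) cb).setText(((RealmCallback) cb).getDefaultText());
                } else if (cb instanceof AuthorizeCallback) {
                    AuthorizeCallback a = (AuthorizeCallback) cb;
                    a.setAuthorized(USER.equals(a.getAuthenticationID()));
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
    }

    // Runs the exchange; the SaslServer object is the state kept between passes.
    static String authenticate(char[] typed) throws SaslException {
        SaslServer server = Sasl.createSaslServer("DIGEST-MD5", "http", HOST, null, handler(STORED));
        SaslClient client = Sasl.createSaslClient(
                new String[] {"DIGEST-MD5"}, null, "http", HOST, null, handler(typed));
        byte[] challenge = server.evaluateResponse(new byte[0]);     // challenge 1
        while (!client.isComplete() || !server.isComplete()) {
            byte[] response = client.evaluateChallenge(challenge);   // may be null on the final pass
            if (server.isComplete()) break;
            challenge = server.evaluateResponse(response);           // throws on a bad proof
        }
        return server.getAuthorizationID();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("authenticated as " + authenticate(STORED));
        try { authenticate("wrong".toCharArray()); }
        catch (SaslException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

In a servlet container each pass arrives as a separate HTTP request, so the server-side object has to be held somewhere (for example the session) between requests, which is the difficulty with a single-call callback handler discussed in this thread.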
At second glance, I think I realized why I didn't use Q13 in http://wiki.jboss.org/wiki/Wiki.jsp?page=AccessingServletRequestForAuthen....
The issue is that SPNEGO is a multi-pass authentication. It is my understanding that it is the job of the callback handler to retrieve user credentials. That is why I put the phase 1 part of authentication into the callback handler. In this phase, I needed access not only to the request, but also the response so that the callback handler could send a proper response to the browser to have it perform the next phase of the authentication. After the browser handles its phase, I then can handle the final phase in the login module.
Perhaps I'm interpreting the role of the callback handler improperly or too strictly?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3967333#3967333
Hello everyone,
I am new to JBoss (and J2EE...), trying to understand the design and the development process in your application server. Right now, I am interested in how you debug problems found in the unit tests.
Is there an easy way to step into a unit test and debug from there (using Eclipse, for example), or do I have to create my own Eclipse project, add the unit test and the unit, write a new application entry point, and then deploy the server... (slow)?
Or is there another approach?
Thanks
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3967320#3967320