[jboss-user] [Security & JAAS/JBoss] - LoginModule called twice + exception

Hi, I created a custom LoginModule that validates a user based on its SSOToken; if it's valid, the login is successful. The problem is my LoginModule's initialize() and login() methods are called twice.. While debugging the code, I noticed the CallbackHandler object received in the LoginModule's initialize(...) method is a LoginContext$SecureCallbackHandler object. It looks like this object is a wrapper for my custom callback handler. This object has a field named ch (comes from Callback Handler, I presume). The problem is, the first time when my LoginModule is called, this field is set with my own custom callbackHandler (what I expect it to be), but the second time it's set with another callback handler (SecurityAssociationHandler). Because of that, I'm getting the following exception: ............... javax.security.auth.callback.UnsupportedCallbackException: Unrecognized Callback at org.jboss.security.auth.callback.SecurityAssociationHandler.handle(SecurityAssociationHandler.java:128) at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:955) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:951) at com.xxx.xxx.auth.SsoTokenLoginModule.login(SsoTokenLoginModule.java:121) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) ............... Do you know why is it called twice and what should I do to avoid this exception ? Thank you in advance ! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3994981#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...