[jboss-user] [Security & JAAS/JBoss] - not getting custom callbackHandler inside the loginmodule!!!

balajiv do-not-reply at jboss.com
Fri Jun 13 16:31:40 EDT 2008


I have a problem initializing LoginContext with a custom CallbackHandler!
Inside my LoginModule class in initialize(..), I am getting a different CallbackHandler even though I instantiated the LoginContext with a custom CallbackHandler.

This is a web app using JSF components (ICEfaces 1.7) and JBoss 4.2.2GA.

login-config.xml under <jboss4.2.2GA home>/server/default/conf:


  | ....
  | <application-policy name="myapp-login-module">
  |     <authentication>
  |         <login-module code="com.xyz.security.jaas.MyLoginModule" flag="required">
  |         </login-module>
  |     </authentication>
  | </application-policy>
  | ....


web.xml in the WEB-INF folder:

  | ....
  | <security-constraint>
  |     <web-resource-collection>
  |         <web-resource-name>All resources</web-resource-name>
  |         <description>Protects all resources</description>
  |         <url-pattern>/*</url-pattern>
  |     </web-resource-collection>
  | </security-constraint>
  | ....


jboss-web.xml

  | <jboss-web>
  |    <context-root>/myapp</context-root>
  |    <security-domain>java:/jaas/myapp-login-module</security-domain> 
  | </jboss-web>


faces-config.xml


  | ...
  | <managed-bean>
  |     <description>
  |         user info, implements Principal and has getName()
  |     </description>
  |     <managed-bean-name>userProfile</managed-bean-name>
  |     <managed-bean-class>com.xyz.security.business.UserProfile</managed-bean-class>
  |     <managed-bean-scope>session</managed-bean-scope>
  | </managed-bean>
  | ...
  | <managed-bean>
  |     <description>
  |         this class has login method and instantiates LoginContext with the custom CallbackHandler
  |     </description>
  |     <managed-bean-name>appSecurity</managed-bean-name>
  |     <managed-bean-class>com.xyz.security.jaas.AppSecurity</managed-bean-class>
  |     <managed-bean-scope>session</managed-bean-scope>
  |     <managed-property>
  |         <property-name>userProfile</property-name>
  |         <value>#{userProfile}</value>
  |     </managed-property>
  | </managed-bean>
  | .....


AppSecurity.java

  | ...
  | public AppSecurity(){
  |     handler = new MyCallbackHandler();
  | }
  | 
  | public void login() throws LoginException{
  |     LoginContext loginContext = new LoginContext("myapp-login-module", handler);
  |     loginContext.login();
  | }
  | ...


Our LoginModule class 'MyLoginModule' is not getting the custom callback handler inside the initialize(...) method. I know I am making a big mistake here; please help me out.

Thanks


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4158080#4158080
