[jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-2230) Allow Seam to work with the WebLogic JAAS server authentication without any source code modifications

Pete Muir (JIRA) jira-events at lists.jboss.org
Sun Jan 27 17:46:22 EST 2008

     [ http://jira.jboss.com/jira/browse/JBSEAM-2230?page=all ]

Pete Muir updated JBSEAM-2230:

    Component/s: Security

> Allow Seam to work with the WebLogic JAAS server authentication without any source code modifications
> -----------------------------------------------------------------------------------------------------
>                 Key: JBSEAM-2230
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-2230
>             Project: JBoss Seam
>          Issue Type: Feature Request
>          Components: Security
>    Affects Versions: 2.0.0.GA
>         Environment: BEA WebLogic Server v. 10 MP1 (The issue should be observable from version 8 and up)
>            Reporter: Krasimir Chobantonov
>            Priority: Optional
> When using JBoss Identity for server delegated security authentication using the jaas-config-name attribute in security:identity XML element inside JBoss SEAM components.xml file and deploying that on BEA WebLogic Server then the authentication is always failing if the default WebLogic JAAS module is used. Follows the WebLogic server JAAS configuration file content :
> myrealm {
> 	weblogic.security.auth.login.UsernamePasswordLoginModule required authOnLogin="true" debug="false";
> };
> The problem is that the WebLogic server passes JAAS callback weblogic.security.auth.callback.URLCallback on which Seam throws an UnsupportedCallbackException class exception.
> To make this functionality to work you have to either 
> 1) create custom JAAS module for WebLogic server
> 2) Extend org.jboss.seam.security.Identity and org.jboss.seam.security.RuleBasedIdentity classes to override    
>            protected CallbackHandler getDefaultCallbackHandler()
>     method and include a new else branch before the default that throws UnsupportedCallbackException
> 					} else if (callbacks[i].getClass().getName().equals 
> 	                            ("weblogic.security.auth.callback.URLCallback")) {
> 						// deliberately ignored.
> 					} 
> 3) Include the code in 2 inside the JBoss Seam Identity class - not having the User to debug why it is not working and then to create a new class to extend that in order to make it workable
> In my opinion performing 3 will be the easier from User's point of view and will allow Seam to use WebLogic JAAS server authentication without any coding from JBoss Seam User point of view.
> Note that the proposed code doesn't depend on any BEA WebLogic specific classes.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


More information about the seam-issues mailing list