-
1. Re: Decoupling client from SecurityAssociation
bratseth Aug 16, 2002 11:31 AM (in response to ws_dev)I guess you are. This is one way to do it without:
1. Make a login configuration which tells JAAS to use
org.jboss.security.ClientLoginModule (without referencing ther class. If you don't want to mess with java.policy, create a subclass of javax.security.auth.login.LoginConfiguration
which returns the configuration entry you want
(tha class name above, the constant REQUIRED and no options)
and do a javax.security.auth.login.Configuration.setConfiguration(new MyConfiguration());
at startup.
2. Create your own implementation of javax.security.auth.callback.CallbackHandler
to return the user name and password from wherever you obtain it.
3. Do
new javax.security.auth.login.LoginContext("whatever", new myCallbackHandler()).login(); -
2. Re: Decoupling client from SecurityAssociation
bratseth Aug 16, 2002 11:32 AM (in response to ws_dev)I guess you are. This is one way to do it without:
1. Make a login configuration which tells JAAS to use
org.jboss.security.ClientLoginModule (without referencing ther class. If you don't want to mess with java.policy, create a subclass of javax.security.auth.login.LoginConfiguration
which returns the configuration entry you want
(tha class name above, the constant REQUIRED and no options)
and do a javax.security.auth.login.Configuration.setConfiguration(new MyConfiguration());
at startup.
2. Create your own implementation of javax.security.auth.callback.CallbackHandler
to return the user name and password from wherever you obtain it.
3. Do
new javax.security.auth.login.LoginContext("whatever", new myCallbackHandler()).login(); -
3. Re: Decoupling client from SecurityAssociation
bratseth Aug 16, 2002 11:32 AM (in response to ws_dev)I guess you are. This is one way to do it without:
1. Make a login configuration which tells JAAS to use
org.jboss.security.ClientLoginModule (without referencing ther class. If you don't want to mess with java.policy, create a subclass of javax.security.auth.login.LoginConfiguration
which returns the configuration entry you want
(tha class name above, the constant REQUIRED and no options)
and do a javax.security.auth.login.Configuration.setConfiguration(new MyConfiguration());
at startup.
2. Create your own implementation of javax.security.auth.callback.CallbackHandler
to return the user name and password from wherever you obtain it.
3. Do
new javax.security.auth.login.LoginContext("whatever", new myCallbackHandler()).login();