4 Replies Latest reply on Jan 3, 2006 4:04 AM by nigelwhite

    Custom callback handler

      My app uses a username, userprofile and password to authenticate users.
      I am authenticating from within a MDB, so I can call secured session bean methods. All information needed to login comes with the message and I provide this via a custom callback handler to JAAS.

      I am using this login configuration:

      logobject {
       #org.jboss.security.ClientLoginModule required multi-threaded=true;
       ch.test.common.security.FullLogon required;

      My FullLogon login module uses a custom callback to obtain a user's profile. This callback is supported by my callback handler. Unfortunately my callback handler seems to get replaced by org.jboss.security.auth.callback.SecurityAssociationHandler which of course does not support my callback. It makes no difference if I enable the ClientLoginModule. So I get the following exception:

       javax.security.auth.callback.UnsupportedCallbackException: Unrecognized Callback
       [exec] at org.jboss.security.auth.callback.SecurityAssociationHandler.handle(SecurityAssociationHandler.java:97)
       [exec] at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:955)
       [exec] at java.security.AccessController.doPrivileged(Native Method)
       [exec] at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:951)
       [exec] at ch.test.common.security.FullLogon.login(FullLogon.java:83)

      Any advice from the JBoss developers how I can use custom callbacks?
      4.0.3 with EJB3