3 Replies Latest reply on Jun 18, 2008 10:43 AM by filip.majernik

    Custom credential object and cache

    piotr.koper

      Hi all.

      I'd like to use my own credential object in my login module. Everything works perfectly, but there is no cache and every logging lasts almost 2 seconds. Earlier, when i used PasswordCallback and simply String password as credential - cache was working normally and I was very, very happy. I'd like to know is there any possibility to enable cache with my custom credential object? If yes - how, If not... at least i will know that is a feature.

      What i have/use is:
      * jboss-4.2.1.GA on Windows XP Professional SP2
      * my own login module:

      public class MyLoginModule extends AbstractServerLoginModule
      {
      
       // my login method
       public boolean login() throws LoginException
       {
       super.loginOk = false;
      
       NameCallback nameCallback = new NameCallback("login: ");
       ObjectCallback objectCallback = new ObjectCallback("ObjectCallback");
       try
       {
       callbackHandler.handle(new Callback[]{ nameCallback, objectCallback});
       identity = new SimplePrincipal(nameCallback.getName());
       credential = (MyCredential) objectCallback.getCredential();
      
       SecurityAssociation.setPrincipal(identity);
       SecurityAssociation.setCredential(credential);
       }
       catch (IOException e)
       {
       e.printStackTrace();
       }
       catch (UnsupportedCallbackException e)
       {
       e.printStackTrace();
       }
      
       // now i use other some class to verify data
       super.loginOk = true;
       }
      
       // more code here, but it's not important here
      
      }
      

      * I don't use cache-controll file jboss-service.xml
      * In my secured ejb:
      @EJB
      @SecurityDomain("sec-domain")
      public class HelloBean implements HelloLocal, HelloRemote
      {
       // implementations of Local and Remote interfaces
      }


      * In my servlet:
      LoginContext lc = new LoginContext("sec-domain", instanceOfCallbackHandler);
      lc.login();


      Thanks for any help or suggestions
      piotr.koper

        • 1. Re: Custom credential object and cache
          anil.saldhana

          Ensure that the credential object has "equals" and "hashCode" methods overriden such that you get object equality.

          • 2. Re: Custom credential object and cache
            piotr.koper

            When i was writing this post - there was no overridings for equals and hashCode methods. Now they are and for me - it works. Thanks. But unfortunately there is new problem. My co-worker must login in with j_security_check servlet. There credential is password only.

            So - I created cache specific for my login module. Now it works exactly as I expected.

            Many thanks for answer.
            piotr.koper

            • 3. Re: Custom credential object and cache
              filip.majernik

              Hi Piotr,
              I think I have a similar problem as your co-worker. I am using a j_security_check with a custom LoginModule that tries to connect to an Oracle database with the username and password provided. The thing is, that I am not able to access the password in a plaintext, which I need if I want to try to connect to the database.

              Any suggestions? And if it has nothing to do with this thread, then I'm sorry :)

              thanks
              Filip