1 Reply Latest reply on Jan 6, 2008 6:33 PM by ragavgomatam

    Caching name and passwordcallbackhandler

    kristof.devos
    kristof.devos Dec 27, 2007 8:35 AM

      Hi

      I have 2 applications running on 1 server instance. Both have a different loginmodule and have a different security domain.

      The first application is a management application and allows administrators to login on the 2nd application as different users. For this I've setup an SSO solution --> SAML ticket and username are sent loginmodule of the 2nd application using the standard form authentication (auto submit), but in the 2nd loginmodule when I use the name and passwordcallbackhandlers they return me username and password of my first application and not the username and samlticket. So callbacks still cache previous values.

      Putting the DefaultCacheTimeout = 0 is not an option as it affects our performance.

      Is there any way to make sure the callbacks are not cached?

      thx

      • 1479 Views
      • Tags:
        • 1. Re: Caching name and passwordcallbackhandler
          ragavgomatam
          ragavgomatam Jan 6, 2008 6:33 PM (in response to kristof.devos)

          To my knowledge NameCallback and PasswordCallback are not cached. What is cached is Principal for the duration of the HttpSession.

          In my login module the scope of the Callback is within the

          public boolean login() throws LoginException


          so that would negate any chance of caching

          Also in the 

          public void initialize(Subject subject, CallbackHandler callbackHandler,
 Map sharedState, Map options)


          method try to pass the security tokens in the sharedState Map if call backs are insufficient for your purpose. I used this sharedStateMap to pass information between login modules.

            • Actions