not getting custom callbackHandler inside the loginmodule!!!
I have a problem initializing LoginContext with custom CallbackHandler!
Inside my LoginModule class in initialize(..), I am getting different CallbackHandler eventhough I instantiated the LoginContext with custom CallbackHandler.
This is the web app, using JSF components (ICEfaces 1.7) and JBoss 4.2.2GA.
login-config.xml under <jboss4.2.2GA home>/server/default/conf:
.... <application-policy name = "myapp-login-module"> <authentication> <login-module code="com.xyz.security.jaas.MyLoginModule" flag="required"> </login-module> </authentication> </application-policy> ....
web.xml in the WEB-INF folder:
.... <security-constraint> <web-resource-collection> <web-resource-name>All resources</web-resource-name> <description>Protects all resources</description> <url-pattern>/*</url-pattern> </web-resource-collection> </security-constraint> ....
jboss-web.xml
<jboss-web> <context-root>/myapp</context-root> <security-domain>java:/jaas/myapp-login-module</security-domain> </jboss-web>
faces-config.xml
...
<managed-bean>
<description>
user info, implements Principal and has getName()
</description>
<managed-bean-name>userProfile</managed-bean-name>
<managed-bean-class>com.xyz.security.business.UserProfile</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
</managed-bean>
...
<managed-bean>
<description>
this class has login method and instantiates LoginContext with the custom CallbackHandler
</description>
<managed-bean-name>appSecurity</managed-bean-name>
<managed-bean-class>com.xyz.security.jaas.AppSecurity</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
<managed-property>
<property-name>userProfile</property-name>
<value>#{userProfile}</value>
</managed-property>
</managed-bean>
.....
AppSecurity.java
...
public AppSecurity(){
handler = new MyCallbackHandler();
}
public void login() throws LoginException{
LoginContext loginContext = new LoginContext("myapp-login-module", handler);
loginContext.login();
}
...
Our LoginModule class 'MyLoginModule' is not getting custom callback handler inside initialize(...) method. I know, I am doing a big mistake here, please help me out.
Thanks