2 Replies Latest reply on Jun 16, 2008 6:23 PM by balajiv

    not getting custom callbackHandler inside the loginmodule!!!

    balajiv

      I have a problem initializing LoginContext with custom CallbackHandler!
      Inside my LoginModule class in initialize(..), I am getting different CallbackHandler eventhough I instantiated the LoginContext with custom CallbackHandler.

      This is the web app, using JSF components (ICEfaces 1.7) and JBoss 4.2.2GA.

      login-config.xml under <jboss4.2.2GA home>/server/default/conf:

      ....
      <application-policy name = "myapp-login-module">
       <authentication>
       <login-module code="com.xyz.security.jaas.MyLoginModule" flag="required">
       </login-module>
       </authentication>
      </application-policy>
      ....
      



      web.xml in the WEB-INF folder:

      ....
      <security-constraint>
       <web-resource-collection>
       <web-resource-name>All resources</web-resource-name>
       <description>Protects all resources</description>
       <url-pattern>/*</url-pattern>
       </web-resource-collection>
       </security-constraint>
      ....



      jboss-web.xml
      <jboss-web>
       <context-root>/myapp</context-root>
       <security-domain>java:/jaas/myapp-login-module</security-domain>
      </jboss-web>



      faces-config.xml

      ...
      <managed-bean>
       <description>
       user info, implements Principal and has getName()
       </description>
       <managed-bean-name>userProfile</managed-bean-name>
       <managed-bean-class>com.xyz.security.business.UserProfile</managed-bean-class>
       <managed-bean-scope>session</managed-bean-scope>
       </managed-bean>
      ...
      <managed-bean>
       <description>
       this class has login method and instantiates LoginContext with the custom CallbackHandler
       </description>
       <managed-bean-name>appSecurity</managed-bean-name>
       <managed-bean-class>com.xyz.security.jaas.AppSecurity</managed-bean-class>
       <managed-bean-scope>session</managed-bean-scope>
       <managed-property>
       <property-name>userProfile</property-name>
       <value>#{userProfile}</value>
       </managed-property>
       </managed-bean>
      .....
      



      AppSecurity.java

      ...
      public AppSecurity(){
       handler = new MyCallbackHandler();
      }
      
      public void login() throws LoginException{
       LoginContext loginContext = new LoginContext("myapp-login-module", handler);
       loginContext.login();
      }
      ...
      



      Our LoginModule class 'MyLoginModule' is not getting custom callback handler inside initialize(...) method. I know, I am doing a big mistake here, please help me out.

      Thanks