I have a problem initializing LoginContext with custom CallbackHandler!
Inside my LoginModule class in initialize(..), I am getting different CallbackHandler eventhough I instantiated the LoginContext with custom CallbackHandler.
This is the web app, using JSF components (ICEfaces 1.7) and JBoss 4.2.2GA.
login-config.xml under <jboss4.2.2GA home>/server/default/conf:
....
<application-policy name = "myapp-login-module">
<authentication>
<login-module code="com.xyz.security.jaas.MyLoginModule" flag="required">
</login-module>
</authentication>
</application-policy>
....
web.xml in the WEB-INF folder: ....
<security-constraint>
<web-resource-collection>
<web-resource-name>All resources</web-resource-name>
<description>Protects all resources</description>
<url-pattern>/*</url-pattern>
</web-resource-collection>
</security-constraint>
....
jboss-web.xml
<jboss-web>
<context-root>/myapp</context-root>
<security-domain>java:/jaas/myapp-login-module</security-domain>
</jboss-web>
faces-config.xml
...
<managed-bean>
<description>
user info, implements Principal and has getName()
</description>
<managed-bean-name>userProfile</managed-bean-name>
<managed-bean-class>com.xyz.security.business.UserProfile</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
</managed-bean>
...
<managed-bean>
<description>
this class has login method and instantiates LoginContext with the custom CallbackHandler
</description>
<managed-bean-name>appSecurity</managed-bean-name>
<managed-bean-class>com.xyz.security.jaas.AppSecurity</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
<managed-property>
<property-name>userProfile</property-name>
<value>#{userProfile}</value>
</managed-property>
</managed-bean>
.....
AppSecurity.java ...
public AppSecurity(){
handler = new MyCallbackHandler();
}
public void login() throws LoginException{
LoginContext loginContext = new LoginContext("myapp-login-module", handler);
loginContext.login();
}
...
Our LoginModule class 'MyLoginModule' is not getting custom callback handler inside initialize(...) method. I know, I am doing a big mistake here, please help me out.
Thanks