2 Replies Latest reply on Sep 7, 2007 4:34 AM by lorenz.fischer

    How to specify a custom CallbackHandler for JAAS

    lorenz.fischer
    lorenz.fischer Sep 6, 2007 5:41 AM

      Hi all

      I'm quite new to Seam and JAAS, so please don't get offended if I ask stupid questions ;)

      I'm trying to implement a web application using SEAM, JSF, and EJB3 on a weblogic server. Weblogic has it's internal LDAP server and security realms which are accessible over JAAS. I managed to configure most parts. Sad enough the LoginModule weblogic.security.auth.login.UsernamePasswordLoginModule expects the CallbackHandler to support a weblogic.security.auth.callback.URLCallback. In order to support that I wrote my own CallbackHandler, but I'm now unable to tell seam to actually load and use it. I've spent some time now searching for a solution, but obviously with no success..

      So if anybody could give me a hint, I'd be very glad.

      Thanks in advance
      Lorenz

      • 2086 Views
      • Tags:
        • 1. Re: How to specify a custom CallbackHandler for JAAS
          shane.bryzak
          shane.bryzak Sep 6, 2007 7:59 PM (in response to lorenz.fischer)

          You can provide your own callback handler by extending Identity and overriding the getDefaultCallbackHandler() method.

            • Actions
          • 2. Re: How to specify a custom CallbackHandler for JAAS
            lorenz.fischer
            lorenz.fischer Sep 7, 2007 4:34 AM (in response to lorenz.fischer)

            Thank you shane!

            That's exactly what i found out after doing some more digging in the sourcecode ;) for those being interested in the code that extends the identity:

            package somepackage.security;

import javax.security.auth.callback.CallbackHandler;

import org.jboss.seam.InterceptionType;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Intercept;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.Identity;

/**
 * This class allows us to specify our own CallbackHandler for the JAAS login.
 */
@Name(value = "org.jboss.seam.security.identity")
@Scope(ScopeType.SESSION)
@Intercept(InterceptionType.NEVER)
@Startup
public class ConsoleIdentity extends Identity {

 @Logger
 private Log log;

 /**
 * Supply our own Callbackhandler for the login process
 * @return an instance of ConsoleCallbackHandler
 */
 @Override
 public CallbackHandler getDefaultCallbackHandler() {
 return new ConsoleCallbackHandler(this, log);
 }

}


            If I got it right its the line

            @Name(value = "org.jboss.seam.security.identity")

            that does the trick, since this overrides the standard Identity object of Seam?

            I used a constructor that lets me pass an identity and a logger, since I couldn't get them over injection in the handler itself.. maybe I'm doing something wrong, but It seems to work like that.

            Thank you again.

            Cheers
            Lorenz



              • Actions