2 Replies Latest reply on Sep 7, 2007 4:34 AM by lorenz fischer

    How to specify a custom CallbackHandler for JAAS

    lorenz fischer Newbie

      Hi all

      I'm quite new to Seam and JAAS, so please don't get offended if I ask stupid questions ;)

      I'm trying to implement a web application using SEAM, JSF, and EJB3 on a weblogic server. Weblogic has it's internal LDAP server and security realms which are accessible over JAAS. I managed to configure most parts. Sad enough the LoginModule weblogic.security.auth.login.UsernamePasswordLoginModule expects the CallbackHandler to support a weblogic.security.auth.callback.URLCallback. In order to support that I wrote my own CallbackHandler, but I'm now unable to tell seam to actually load and use it. I've spent some time now searching for a solution, but obviously with no success..

      So if anybody could give me a hint, I'd be very glad.

      Thanks in advance
      Lorenz

        • 1. Re: How to specify a custom CallbackHandler for JAAS
          Shane Bryzak Master

          You can provide your own callback handler by extending Identity and overriding the getDefaultCallbackHandler() method.

          • 2. Re: How to specify a custom CallbackHandler for JAAS
            lorenz fischer Newbie

            Thank you shane!

            That's exactly what i found out after doing some more digging in the sourcecode ;) for those being interested in the code that extends the identity:

            package somepackage.security;
            
            import javax.security.auth.callback.CallbackHandler;
            
            import org.jboss.seam.InterceptionType;
            import org.jboss.seam.ScopeType;
            import org.jboss.seam.annotations.Intercept;
            import org.jboss.seam.annotations.Logger;
            import org.jboss.seam.annotations.Name;
            import org.jboss.seam.annotations.Scope;
            import org.jboss.seam.annotations.Startup;
            import org.jboss.seam.log.Log;
            import org.jboss.seam.security.Identity;
            
            /**
             * This class allows us to specify our own CallbackHandler for the JAAS login.
             */
            @Name(value = "org.jboss.seam.security.identity")
            @Scope(ScopeType.SESSION)
            @Intercept(InterceptionType.NEVER)
            @Startup
            public class ConsoleIdentity extends Identity {
            
             @Logger
             private Log log;
            
             /**
             * Supply our own Callbackhandler for the login process
             * @return an instance of ConsoleCallbackHandler
             */
             @Override
             public CallbackHandler getDefaultCallbackHandler() {
             return new ConsoleCallbackHandler(this, log);
             }
            
            }
            


            If I got it right its the line

            @Name(value = "org.jboss.seam.security.identity")

            that does the trick, since this overrides the standard Identity object of Seam?

            I used a constructor that lets me pass an identity and a logger, since I couldn't get them over injection in the handler itself.. maybe I'm doing something wrong, but It seems to work like that.

            Thank you again.

            Cheers
            Lorenz