2 Replies Latest reply on Dec 4, 2013 9:53 AM by riskyseven

    Custom CallbackHandler

    sverker

      I have an application which publishes several websites. Username is unique per website, and when logging in, my custom login module has extended org.jboss.web.tomcat.security.HttpServletRequestLoginModule so that it can get hold of the request object and find out which website to log in to.

       

      There is also an applet component, which communicates with the system over RMI. This is where the problems begin, as I need to send three parameters when logging in (username, password and the site URL). With JAAS, the normal way to do that would be to implement my own CallbackHandler and callbacks, which I've done, but that doesn't work with JBoss.

       

      In my login module I get a callbackhandler which is a wrapped org.jboss.security.auth.callback.JBossCallbackHandler. I found that I can specify another CallbackHandler by configuring the JaasSecurityManagerService (as described here: http://anil-identity.blogspot.com/2009/05/as51-specifying-custom-call-back.html). However, there are two major issues with that approach:

       

      1) I only want to configure this specific callback handler for this security domain, i.e. this application. I do not want to have to change it for the whole application service.

       

      2) As I understand from tracing the code, it wouldn't help even if I did that, as the callback will only be initialized with the principal and credentials and no other data, which would be needed for my extra data.

       

      I've found a lot of questions about this issue when searching, but really no answers. Is it possible to solve?

       

      Best regards

      Sverker
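
For reference, the standard JAAS pattern the post refers to, as an added example that is not the poster's code or JBoss code: a custom callback carrying the site URL, a client-side handler that answers it, and the login-module side failing closed when the handler it is given does not recognise the callback. `SiteUrlCallback`, `SiteCallbackHandler`, `SiteLoginDemo` and the sample values are hypothetical names chosen for illustration.

```java
import java.io.IOException;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;

// Hypothetical custom callback carrying the third login parameter (the site URL).
class SiteUrlCallback implements Callback {
    private String siteUrl;
    public String getSiteUrl() { return siteUrl; }
    public void setSiteUrl(String siteUrl) { this.siteUrl = siteUrl; }
}

// Client-side handler (for example in the applet): answers all three callbacks.
class SiteCallbackHandler implements CallbackHandler {
    private final String user, siteUrl;
    private final char[] password;
    SiteCallbackHandler(String user, char[] password, String siteUrl) {
        this.user = user; this.password = password.clone(); this.siteUrl = siteUrl;
    }
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
            else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
            else if (cb instanceof SiteUrlCallback) ((SiteUrlCallback) cb).setSiteUrl(siteUrl);
            else throw new UnsupportedCallbackException(cb, "Unrecognized callback");
        }
    }
}

public class SiteLoginDemo {
    // What a LoginModule.login() does with whatever handler it has been given.
    static String collect(CallbackHandler handler) throws LoginException {
        NameCallback name = new NameCallback("username: ");
        PasswordCallback pw = new PasswordCallback("password: ", false);
        SiteUrlCallback site = new SiteUrlCallback();
        try {
            handler.handle(new Callback[] { name, pw, site });
        } catch (UnsupportedCallbackException e) {
            // The supplied handler does not know SiteUrlCallback: fail closed.
            throw new LoginException("Handler cannot supply " + e.getCallback().getClass().getName());
        } catch (IOException e) {
            throw new LoginException(e.getMessage());
        }
        if (site.getSiteUrl() == null) throw new LoginException("No site URL supplied");
        // The password check against the per-site user store would go here.
        pw.clearPassword();
        return name.getName() + " @ " + site.getSiteUrl();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample credentials and site URL.
        System.out.println(collect(new SiteCallbackHandler("alice", "s3cret".toCharArray(), "https://site-a.example")));
    }
}
```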