0 Replies Latest reply on Jun 4, 2012 4:39 PM by arjan tijms

    WebJASPIAuthenticator ignores GroupPrincipalCallback but requires PasswordValidationCallback

    arjan tijms Novice

      In JBoss AS 7.1.1, if a user provided ServerAuthModule provides a GroupPrincipalCallback, this is ignored by WebJASPIAuthenticator. The provider handler copies the GroupPrincipalCallback, but the authenticator then does nothing with it. Simulteanously, if the ServerAuthModule does not provide a PasswordValidationCallback to the handler, then this will result in a null pointer exception in the authenticator.

       

      I wonder is this is correct? Reading about JASPI/JSR 196 it seems a GroupPrincipalCallback should be processed when provided and a PasswordValidationCallback should not be required.