0 Replies Latest reply on Sep 11, 2002 1:46 PM by Pete Clearwater

    JAAS, custom logins and custom principals

    Pete Clearwater Newbie

      Hi.

      I'll try and be as concise as possible, but I'm so confused that what follows may be somewhat unintelligible...

      I have a custom login module which uses a username and password to access an http authorization server. This auth server returns a String ticket indicating the user is authorized, and I can then use that ticket to get various other info about the user. If I use the standard JAAS login stuff (passing around username and password through the various callback mechanisms) everything works OK, except that I have no way within my login module to know whether the username/password combo has previously been authenticated, so I have to go to the auth server every time. Obviously not good. I could use some caching mechanism but I'd rather avoid this as it could cause problems unless I could clear it somehow when the user's session is cleared.

      Preferably, I'd like to pass around this "ticket" info as well as the username and password. If a user has a ticket, then she is authorized and I can skip the http call. The problem is how to do this. I've tried writing a custom callback handler and callback which handles this extra text, and I've also tried using the SecurityAssociationCallback using a custom principal. These all fail because of some assumptions made in the JAASSecurityManager - it always uses SecurityAssociationCallback and it always assumes that the principal is a SimplePrincipal.

      Is there any way around this? I'm trying to go through all this JAAS (pardon my French) crap because I thought I would be able to "write once" and "run anywhere, or at least on any JAAS compliant server" but if I have to write custom code for every J2EE server I use what's the point? (not to mention the fact that I probably won't be able to do anything even similar on non-open source servers like WebLogic or WebSphere...)

      Thanks in advance.

      pete.
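
The ticket-aware login described in the post above, written against the standard `javax.security.auth` types only, as an added example (not code from the post or from any application server). `TicketCallback`, `TicketLoginModule`, `requestTicket` and `verifyTicket` are hypothetical names; the two abstract methods stand in for the auth-server calls, whose protocol and ticket format the post does not give.

```java
import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Hypothetical callback; a handler that knows it fills in a previously issued ticket. */
class TicketCallback implements Callback { String ticket; }

/** Hypothetical module; the abstract methods stand in for the HTTP auth server. */
public abstract class TicketLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private String ticket;
    // Returns a fresh ticket, or throws FailedLoginException on bad credentials.
    protected abstract String requestTicket(String user, char[] pw) throws LoginException;
    // Must check integrity and expiry; the mere presence of a ticket proves nothing.
    protected abstract boolean verifyTicket(String ticket);

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }

    public boolean login() throws LoginException {
        try {
            TicketCallback tc = new TicketCallback();
            try {
                handler.handle(new Callback[] { tc });
            } catch (UnsupportedCallbackException e) {
                // Handler does not know TicketCallback: use the password path below.
            }
            if (tc.ticket != null && verifyTicket(tc.ticket)) {
                ticket = tc.ticket;          // verified ticket, no password round trip
                return true;
            }
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            handler.handle(new Callback[] { nc, pc });
            char[] pw = pc.getPassword(); pc.clearPassword();
            ticket = requestTicket(nc.getName(), pw);
            return true;
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("callback failed: " + e);
        }
    }

    // The ticket lives in the Subject's private credentials, so it goes away with the Subject.
    public boolean commit() { if (ticket == null) return false; subject.getPrivateCredentials().add(ticket); return true; }
    public boolean abort() { ticket = null; return true; }
    public boolean logout() { if (ticket != null) subject.getPrivateCredentials().remove(ticket); ticket = null; return true; }
}
```

With a container-supplied handler that rejects unknown callbacks, this module degrades to the plain username/password login on every call, which is the portability limit the post runs into.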