5 Replies Latest reply on May 20, 2003 2:15 AM by Tore

    Custom CallbackHandler?

    Hezekiel Newbie

      I've tried to figure a way to transfer more information in login process than just the username and password. (E.g. the classic case of limiting the number of simultaneous logins depending on the user's location or some other principal)

      The logical solution would be to implement
      1. custom CallbackHandler impl. in client side
      2. custom Callback impl. for transferring the data
      3. Deriving custom LoginModule from AbstractServerLoginModule where the login method would give this 'extra' Callback impl. for handler to handle.

      Fairly decent solution?

      Why this doesn't work?! Because the SecurityAssociationHandler doesn't allow any extra Callbacks. The handle method checks if the callback is of type SecurityAssociationCallback, ObjectCallback, NameCallback or PasswordCallback. Any other Callback impl. in the callback array will give you UnsupportedCallbackException.

      Since the SecurityAssociationHandler is not the only entity handling these Callbacks shouldn't it just ignore the unrecognized callbacks. What harm does unrecognized callback cause that the whole login process fails if there's an unknown callback in the array?

      If someone has better solution (Scott?) please let me know. I'm considering building the Jboss with this callback cheking commented out.