3 Replies Latest reply on Apr 9, 2009 4:58 PM by padrew

    Getting Callback Handler from LoginModule

    jeeads
    jeeads Jun 11, 2004 4:35 PM

      I have written my own callback handler, MD5UserNamePasswordCallbackHandler, that handles TextInputCallbacks. When I logon to the app server this handler is invoked. Later when a remote datasource is accessed via a session bean the connection information is renedered through another login module. Within this module I create a TextInputCallback and pass it to the handler that is passed in the initialization of the login module. It seems that by the time the callback handler reaches the second login module it is wrapped as javax.security.auth.login.LoginContext$SecureCallbackHandler and when I pass the callback to this handler it doesn't know how to handle a TextInputCallback? I want to use the callback to prompt the user to input username and password for the remote database connection. How do I cast the handler back to the initial callback handler that knows how to handle the callback?

      Thanks
      Jerry

      • 5140 Views
      • Tags:
        • 1. Re: Getting Callback Handler from LoginModule
          starksm64
          starksm64 Jun 15, 2004 10:15 AM (in response to jeeads)

          This is on the server side? It makes little sense in general to have a server side callback handler attempt to interact with a user input which is why the default CallbackHandler does not deal with TextInputCallbacks. You can change the CallbackHandler used by jboss by setting the CallbackHandlerClassName attribute on the JaasSecurityManagerService if you have a setup where this does make sense.

           <!-- JAAS security manager and realm mapping -->
 <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
 name="jboss.security:service=JaasSecurityManager">
 <attribute name="SecurityManagerClassName">
 org.jboss.security.plugins.JaasSecurityManager
 </attribute>
 <attribute name="CallbackHandlerClassName">
 com.dot.MyCallbackHandler
 </attribute>
 </mbean>



            • Actions
          • 2. Re: Getting Callback Handler from LoginModule
            jeeads
            jeeads Jun 15, 2004 10:35 AM (in response to jeeads)

            Scott,
            You are correct the login module being used for the remote datasource is on the server and therefore has no connection with the client. I will have to make my API aware of the need for capturing a username and password from the user when a datasource with that type of authorization is accessed.

            Thanks
            Jerry

              • Actions
            • 3. Re: Getting Callback Handler from LoginModule
              padrew Apr 9, 2009 4:58 PM (in response to jeeads)

              I have writen my own CallbackHandler and when I configure it in my jboss-service.xml file:

              <!-- JAAS security manager and realm mapping -->
 <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
 name="jboss.security:service=JaasSecurityManager">
 <attribute name="ServerMode">true</attribute>
 <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
 <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
 <attribute name="CallbackHandlerClassName">com.DbCallbackHandler</attribute>

              I am getting a No ClassLoaders found for: com.DbCallbackHandler.

              The class does exist in a jar on the server. Does it need to be placed in a special location?

                • Actions