2 Replies Latest reply on Mar 29, 2007 8:49 AM by Ionut S

    receiving both my custom callback handler AND SecurityAssoci

    Ionut S Newbie

      Hi,

      I created a custom CallbackHandler, handed it to the LoginContext.

      CallbackHandler cbHandler = new SsoTokenCallbackHandler(username, password.toCharArray());

      try {
       LoginContext lc = new LoginContext("my-ctx", cbHandler);
       lc.login();
       result = true;
       } catch (LoginException e) {
       log.error("Exception during login.", e);
       result = false;
       }
      


      The problem: the initialize() method of my LoginModule I'm getting called twice:
      1) the first time with my custom callback handler (SsoTokenCallbackHandler). Here's what Eclipse is showing when debugging:
      callbackHandler LoginContext$SecureCallbackHandler (id=142)
       acc AccessControlContext (id=157)
       ch SsoTokenCallbackHandler (id=159)
      

      2) the second time with another callback handler which fails (SecurityAssociationHandler). Here's what Eclipse is showing when debugging:
      callbackHandler LoginContext$SecureCallbackHandler (id=197)
       acc AccessControlContext (id=201)
       ** ch SecurityAssociationHandler (id=202) **
      

      Is it normal to be called twice ? What can I do to receive a single call in my LoginModule ? (the first one)

      Thank you !

        • 1. Re: receiving both my custom callback handler AND SecurityAs
          Ionut S Newbie

          Probably I need to give you some more details.. I need this second login module to authenticate my ws calls. The login from the web site works very well, but if I add my login module to the existing configuration the login modules are called twice, as I told you in my previous message.

          I just realized that, if I add a new

          <?xml version='1.0'?>
          <!DOCTYPE policy PUBLIC
           "-//JBoss//DTD JBOSS Security Config 3.0//EN"
           "http://www.jboss.org/j2ee/dtd/security_config.dtd">
          <policy>
           <application-policy name = "policy1">
           <authentication>
          
           <login-module
           code="org.jboss.security.ClientLoginModule"
           flag="required">
           </login-module>
          
           <login-module code = "my.first.login.module"
           flag = "required">
           </login-module>
          
           </authentication>
           </application-policy>
          
           <application-policy name = "policy2">
           <authentication>
          
           <login-module code="my.second.login.module"
           flag="required">
           </login-module>
          
           </authentication>
           </application-policy>
          </policy>
          
          


          section in my emp-login-config.xml and include there my login module, it gets called only once. So I found the cause of the problem, but I can't explain why it happens like this.

          I have nothing against using another security domain for my WS authentication, but the problem is my EJBs are declared with @SecurityDomain("policy1"); as a consequence, when the WS calls my EJB I'm getting an exception (obvious, I know)

          Anybody ? Any idea ?

          • 2. Re: receiving both my custom callback handler AND SecurityAs
            Ionut S Newbie

            When I declare my.first.login.module as "sufficient" I am able to access the EJBs, although they are declared with

            @SecurityDomain("policy1")

            and I log on using the following code:
             LoginContext lc = new LoginContext("policy2", cbHandler);
             lc.login();
            


            When I'm debugging with Eclipse, it seems my.first.login.module is still touched, although it shouldn't (it's in policy1, not policy2)

            Any ideas why ?