users@glassfish.java.net

Re: JAAS callback support in AppservPasswordLoginModule

From: <glassfish_at_javadesktop.org>
Date: Tue, 20 May 2008 08:49:48 PDT

Unfortunately, I am going to have to do a lot of reading about JSR 196 before I can begin to write an authentication module for it.

I guess I don't understand or I did not explain the issue well enough. Seam is calling the GF LdapLoginModule. I am not calling the Seam login module at all. The concept of an intermediate login module is interesting, but I need a little more clarity.

By this are you meaning that I should write a login module that in effect only verifies that the user has submitted username and password credentials? Then the commit method would set the required password credential on the subject so that the LDAP login module can properly authenticate? I believe that I can do this, but the PasswordCredential constructor requires the realm name. How would I get this from within the custom LoginModule?

You stated, "As you know they use the JAAS interfaces in a "special" and yet public way; which we need to honor for backward compatibility reasons." What do you mean?

The AppservPasswordLoginModule could have a flag that would enable it to look for the username and password in the callback or as a Private Credential, thus enabling JAAS compatible or backwards compatibility modes. The problem is that the module violates the manner in which a JAAS login module is supposed to function according to the interface's javadocs. After digging into the implementation javadocs one clearly sees that this is true, as it is commented as such, but when reading the javadocs for the interface and how it is supposed to function, this becomes very confusing.

-- Chad
[Message sent by forum member 'chadws' (chadws)]

http://forums.java.net/jive/thread.jspa?messageID=275504
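
The intermediate module discussed in the message above, sketched with the standard JAAS interfaces only. This is an added example, not code from the thread or from GlassFish. Assumptions: `BridgeLoginModule` and `BridgeCredential` are hypothetical names, `BridgeCredential` stands in for the container's `PasswordCredential` (whose package is not given on the page), and the realm name is read from a module option called `realm` in the JAAS configuration entry.

```java
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class BridgeLoginModule implements LoginModule {
    // Hypothetical stand-in for the container's (user, password, realm) credential.
    public static final class BridgeCredential {
        final String user; final char[] password; final String realm;
        BridgeCredential(String u, char[] p, String r) { user = u; password = p; realm = r; }
    }
    private Subject subject;
    private CallbackHandler handler;
    private String realm;
    private BridgeCredential pending, committed;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
        subject = s;
        handler = h;
        realm = (String) options.get("realm"); // assumed option name, set per login-config entry
    }

    public boolean login() throws LoginException {
        if (handler == null || realm == null)
            throw new LoginException("callback handler and 'realm' option are required");
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc }); // standard JAAS way to obtain credentials
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot obtain credentials: " + e.getMessage());
        }
        char[] pw = pc.getPassword();  // returns a copy
        pc.clearPassword();            // wipe the callback's internal copy
        if (nc.getName() == null || pw == null) throw new LoginException("missing username or password");
        pending = new BridgeCredential(nc.getName(), pw, realm);
        return true; // nothing is verified here; the next module in the stack authenticates
    }

    public boolean commit() {
        if (pending == null) return false;
        subject.getPrivateCredentials().add(pending); // hand-off point for the downstream module
        committed = pending;
        pending = null;
        return true;
    }

    public boolean abort() { wipe(pending); pending = null; return logout(); }
    public boolean logout() {
        if (committed != null) subject.getPrivateCredentials().remove(committed);
        wipe(committed); committed = null; return true;
    }
    private static void wipe(BridgeCredential c) { if (c != null) Arrays.fill(c.password, '\0'); }
}
```

Because this module accepts any non-empty username and password, it must only be stacked in front of a module that performs the real check, and that module must be marked so its failure fails the whole login.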