users@glassfish.java.net

Client GUI Login problems

From: <glassfish_at_javadesktop.org>
Date: Sun, 07 Dec 2008 10:14:44 PST

Hello, I'm having a bit of a nightmare trying to get this to work, and I'm hoping someone could offer advice, and an answer to why my client sees no error messages.

My aim:
- To make use of server side annotations such as @RolesAllowed.
- To present the user with a custom GUI login interface that only closes on successful login.
- To be able to deny certain password-valid users (i.e. someone who is banned for a while).
- For the client to display reasons for why the user couldn't log on.

To get the custom GUI, I figured I need a custom CallbackHandler class that has logic such as:

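[code]
// Needs java.io.IOException and javax.security.auth.callback.*
// handle() of the custom CallbackHandler; GUIDialog is the poster's own login dialog class.
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
    for (Callback c : callbacks)
    {
        if (c instanceof NameCallback)
        {
            // Supply the username entered in the dialog
            ((NameCallback)c).setName(GUIDialog.getInstance().getUsername());
        }
        else if (c instanceof PasswordCallback)
        {
            // Supply the passphrase entered in the dialog
            ((PasswordCallback)c).setPassword(GUIDialog.getInstance().getPassphrase());
        }
        else if (c instanceof TextOutputCallback)
        {
            // Messages sent by the login module would arrive here
            System.out.println("callback message: " + ((TextOutputCallback)c).getMessage());
        }
        else throw new UnsupportedCallbackException(c);
    }
}
[/code]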

Currently I can't seem to get an instance of TextOutputCallback coming into this method.. more about this later.

To get the @RolesAllowed to correctly deny banned users etc, I figured I needed a custom realm. Now I was just going to extend com.sun.enterprise.security.auth.realm.JDBCRealm, but sadly it was made final :-( so instead I had to extend IASRealm and copy in most of JDBCRealm code. Where queries are run on username and passwords, I now have my own query checking to see if the user is banned. Having to duplicate a final class is ringing alarm bells for me, so I'm hoping someone can point out a better way for me to do this. However it does at least work.

Now.. the big problem I'm at is getting the client to display error messages such as "Invalid user credentials", or "You are banned until xx/xx/xx". So far I've tried creating a class that implements LoginModule (I had to do this anyway because the JDBCLoginModule checks that the current realm is of type JDBCRealm, which it no longer is). Guides suggest I should be extending AppservPasswordLoginModule, but this class appears to do nothing with the callbackHandler passed into its initialize method. So instead I copied most of the code into my own class and when a LoginException was caught, I would try to tell the client about it using the following code (where callbackHandler is the one passed into the initialize method):

[code]
        Callback callback = new TextOutputCallback(TextOutputCallback.ERROR, errorMessage);
        callbackHandler.handle(new Callback[] { callback });
[/code]

Sadly this does nothing, and the client never even sees it :-(
My next step was going to be to find the class that calls initialize on the LoginModule, but I feel like I'm missing something obvious, so thought it's time to post about it on here (I've been stuck at this login thing for a few days now).

Any help or advice would be very much appreciated!
[Message sent by forum member 'antilochus' (antilochus)]

http://forums.java.net/jive/thread.jspa?messageID=320523
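
The pattern the post describes, a LoginModule reporting a denial reason through TextOutputCallback, shown as plain JAAS where the module and the handler run in one JVM under a LoginContext. This is an added example, not part of the original post; BanAwareLoginDemo, its user data and the in-memory Configuration are constructed, and it uses none of GlassFish's realm classes.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class BanAwareLoginDemo {
    // Constructed sample data; plaintext passwords only keep the demo short.
    static final Map<String, String> USERS = Map.of("bob", "hunter2");
    static final Map<String, String> BANNED = Map.of("bob", "You are banned until xx/xx/xx");
    static String check(String user, char[] pw) { // password first, so only password-valid users learn of a ban
        String expected = (user == null) ? null : USERS.get(user);
        if (expected == null || !Arrays.equals(expected.toCharArray(), pw)) return "Invalid user credentials";
        return BANNED.get(user); // null: login may proceed
    }
    public static class BanAwareLoginModule implements LoginModule {
        private CallbackHandler handler;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { handler = h; }
        public boolean login() throws LoginException {
            NameCallback name = new NameCallback("user: ");
            PasswordCallback pass = new PasswordCallback("password: ", false);
            try {
                handler.handle(new Callback[] { name, pass });
                String reason = check(name.getName(), pass.getPassword());
                pass.clearPassword();
                if (reason == null) return true;
                handler.handle(new Callback[] { new TextOutputCallback(TextOutputCallback.ERROR, reason) });
                throw new FailedLoginException(reason); // the handler has already been given the reason
            } catch (java.io.IOException | UnsupportedCallbackException e) { throw new LoginException(e.toString()); }
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; } public boolean logout() { return true; }
    }
    public static void main(String[] args) {
        Configuration cfg = new Configuration() { // in-memory stand-in for a login.conf entry
            public AppConfigurationEntry[] getAppConfigurationEntry(String n) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(BanAwareLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
            }
        };
        CallbackHandler ui = cbs -> { for (Callback c : cbs) { // stands in for the GUI dialog; logs in as the banned user
            if (c instanceof NameCallback) ((NameCallback) c).setName("bob");
            else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword("hunter2".toCharArray());
            else if (c instanceof TextOutputCallback) System.out.println("callback message: " + ((TextOutputCallback) c).getMessage());
            else throw new UnsupportedCallbackException(c);
        } };
        try { new LoginContext("demo", null, ui, cfg).login(); }
        catch (LoginException e) { System.out.println("login failed: " + e.getMessage()); }
    }
}
```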