users@glassfish.java.net

Re: JASPIC without jmacLogin ?

From: Kumar Jayanti <v.b.kumar.jayanti_at_oracle.com>
Date: Fri, 23 Mar 2012 14:03:28 +0530

On 16-Mar-2012, at 11:37 PM, forums_at_java.net wrote:

> Hello,
>
> Currently, GF always perform a jmacLogin in BaseContainerCallbackHandler
> (then set the expected DistinguishedPrincipalCredential).
>
> The problem is that jmacLogin will then require the use of a Realm (which
> will go to local JAAS instead).
>
> My JASPIC implementation perform an authentification to a tier server and I
> don't need any "local check" (aka JAAS).

It should be possible for you to perform the authentication inside the SAM and then only invoke the GlassFish CallbackHandler to handle the CallerPrincipal and GroupPrincipal callbacks.
You do not need to perform Authentication using the CallbackHandler..
The DistinguishedPrincipalCredential will get set with CallerPrincipalCallback.

>
> Is there a way to prevent the jmacLogin in GF ? Or do I need to create a
> custom GF Realm ?
This is certainly one way, but like i said you can do the authn in your SAM.
>
> My understanding was that JASPIC replaces the GF Realm use ...
I have put my comments in the Bug that you filed.
>
> Regards,
> JB
>
>
> --
>
> [Message sent by forum member 'bjb']
>
> View Post: http://forums.java.net/node/884334
>
>