cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aki Yoshida (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-3658) Make NamePasswordCallback used for JAAS login more flexible so that it can handle non-standard password callback objects (e.g., Jetty's)
Date Wed, 20 Jul 2011 14:48:58 GMT

     [ https://issues.apache.org/jira/browse/CXF-3658?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Aki Yoshida resolved CXF-3658.
------------------------------

    Resolution: Fixed

Added some code to support any password callback with signature setObject(Object), setObject(char[]),
or setObject(String) directly. That means, the jetty's authentication is supported out of
the box.

If the callback method differs from setObject, the method name can be passed to the NamePasswordCallback
object.

> Make NamePasswordCallback used for JAAS login more flexible so that it can handle non-standard
password callback objects (e.g., Jetty's)
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CXF-3658
>                 URL: https://issues.apache.org/jira/browse/CXF-3658
>             Project: CXF
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 2.4.1
>            Reporter: Aki Yoshida
>            Assignee: Aki Yoshida
>            Priority: Minor
>             Fix For: 2.4.2, 2.5
>
>
> Some JAAS implementations (e.g., org.eclipse.jetty's jetty-plus) do not use the standard
password callback class, javax.security.auth.callback.PasswordCallback but instead uses its
own callback method.
> As the current implemenation of org.apache.cxf.interceptor.security.NamePasswordCallback
assumes this standard pasword callback class when setting the password, it fails to set the
password correctly in this case, and subsequently failing to authenticate.
> One can write a custom JAASLoginInterceptor to overwrite the behavior of the NamePasswordCallback
class. However, some may feel uncomfortable with this approach.
> This patch adds some reflection based code in NamePasswordCallback so that non-standard
password callback classes can be handled appropriately by this class, thereby eliminating
the need for a custom JAASLoginInterceptor in most cases.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message