geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron Mulder" <ammul...@alumni.princeton.edu>
Subject Re: handling JAAS callbacks
Date Mon, 12 Jun 2006 12:18:33 GMT
So it sounds like right now your JAAS lookup is going through a
Geronimo login module, whether you like it or not.  The
DecouplingCallbackHandler is Geronimo's way of gathering all the input
it needs in order to populate the various login modules that may be
configured for that security realm.  (So it should be passing the data
on to your login module once it gathers it.)

If I recall correctly, there is a way for you to bypass Geronimo's
plumbing entirely and call your login module directly, if that's what
you want to do.  But I don't remember exactly what the procedure is.
Alan?

Thanks,
    Aaron

On 6/12/06, Sunny Saxena <Sunny_Saxena@infosys.com> wrote:
>
>
>
> heya,
>
>     My application uses JAAS Login Modules for authentication. I have created a gbean
in my geronimo-application.xml specifying the loginmodule in it.
> Now, at the point in my application, where the authentication takes place, the loginmodule
class is found, but I get the following error.
>
> ERROR:::
>
> javax.security.auth.callback.UnsupportedCallbackException: DO NOT PROCEED WITH THIS LOGIN
>         at org.apache.geronimo.security.jaas.server.DecouplingCallbackHandler.handle(DecouplingCallbackHandler.java:43)
>         ...
> javax.security.auth.login.LoginException: Error filling callback list
>         at org.apache.geronimo.security.jaas.client.ServerLoginProxy.login(ServerLoginProxy.java:78)
>         at org.apache.geronimo.security.jaas.client.JaasLoginCoordinator.performLogin(JaasLoginCoordinator.java:189)
>         at org.apache.geronimo.security.jaas.client.JaasLoginCoordinator.login(JaasLoginCoordinator.java:113)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:324)
>         at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
>         at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
>         at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
>         at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
>         ...
> Caused by: java.lang.NullPointerException
>         at java.lang.String.<init>(String.java:166)
>         ...
>
>
> Now, I got from Aaron's previous replies, that the "DO NOT PROCEED" error can be ignored.
> But, now the "Error filling callback list" is causing the problem.
>
> My application has a custom callbackhandler. When my login module handles the callback
through callbackHandler.handle(callbacks[]);, it does not enter my custom callback handler's
handle() method. On priniting the classname of the callbackhandler used, I get the DecouplingCallbackHandler
of geronimo. How can I make it use my customcallbackHandler??? Or is it something else that
I may be missing.
>
> Thanks
> Sunny
>
>
> **************** CAUTION - Disclaimer *****************
>  This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the
use of the addressee(s). If you are not the intended recipient, please notify the sender by
e-mail and delete the original message. Further, you are not to copy, disclose, or distribute
this e-mail or its contents to any other person and any such actions are unlawful. This e-mail
may contain viruses. Infosys has taken every reasonable precaution to minimize this risk,
but is not liable for any damage you may sustain as a result of any virus in this e-mail.
You should carry out your own virus checks before opening the e-mail or attachment. Infosys
reserves the right to monitor and review the content of all messages sent to or from this
e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys
e-mail system.
>  ***INFOSYS******** End of Disclaimer ********INFOSYS***
>

Mime
View raw message