geronimo-user mailing list archives

From "Sunny Saxena" <Sunny_Sax...@infosys.com>
Subject RE: handling JAAS callbacks
Date Wed, 14 Jun 2006 06:32:21 GMT
Aaron,

	If I stop the geronimo/j2ee-security module, and then run my
program, it picks up the login module config file from the security
module, and everything runs fine. But I don't want to do that. As you
said, there is a way to bypass geronimo's security... Can you please
tell me how we can do it for my specific application?
	Or is there a reason why the j2ee security module in geronimo
is doing that?

Thanks


-----Original Message-----
From: ammulder@gmail.com [mailto:ammulder@gmail.com] On Behalf Of Aaron Mulder
Sent: Monday, June 12, 2006 5:49 PM
To: user@geronimo.apache.org
Subject: Re: handling JAAS callbacks

So it sounds like right now your JAAS lookup is going through a Geronimo
login module, whether you like it or not.  The DecouplingCallbackHandler
is Geronimo's way of gathering all the input it needs in order to
populate the various login modules that may be configured for that
security realm.  (So it should be passing the data on to your login
module once it gathers it.)

If I recall correctly, there is a way for you to bypass Geronimo's
plumbing entirely and call your login module directly, if that's what
you want to do.  But I don't remember exactly what the procedure is.
Alan?

Thanks,
    Aaron

On 6/12/06, Sunny Saxena <Sunny_Saxena@infosys.com> wrote:
>
> heya,
>
>     My application uses JAAS Login Modules for authentication. I have created a gbean in my geronimo-application.xml specifying the loginmodule in it.
> Now, at the point in my application, where the authentication takes place, the loginmodule class is found, but I get the following error.
>
> ERROR:::
>
> javax.security.auth.callback.UnsupportedCallbackException: DO NOT PROCEED WITH THIS LOGIN
>         at org.apache.geronimo.security.jaas.server.DecouplingCallbackHandler.handle(DecouplingCallbackHandler.java:43)
>         ...
> javax.security.auth.login.LoginException: Error filling callback list
>         at org.apache.geronimo.security.jaas.client.ServerLoginProxy.login(ServerLoginProxy.java:78)
>         at org.apache.geronimo.security.jaas.client.JaasLoginCoordinator.performLogin(JaasLoginCoordinator.java:189)
>         at org.apache.geronimo.security.jaas.client.JaasLoginCoordinator.login(JaasLoginCoordinator.java:113)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:324)
>         at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
>         at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
>         at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
>         at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
>         ...
> Caused by: java.lang.NullPointerException
>         at java.lang.String.<init>(String.java:166)
>         ...
>
> Now, I got from Aaron's previous replies, that the "DO NOT PROCEED" error can be ignored.
> But, now the "Error filling callback list" is causing the problem.
>
> My application has a custom callbackhandler. When my login module handles the callback through callbackHandler.handle(callbacks[]);, it does not enter my custom callback handler's handle() method. On printing the classname of the callbackhandler used, I get the DecouplingCallbackHandler of geronimo. How can I make it use my customcallbackHandler??? Or is it something else that I may be missing.
>
> Thanks
> Sunny
>
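
A two-pass callback-gathering pattern consistent with the description in this thread, sketched in plain JAAS to show why a login module can see a container-supplied handler instead of the application's own and why the first pass ends in an `UnsupportedCallbackException`. This is an added example, not code from the thread or from Geronimo; `GatheringHandler`, `DemoLoginModule`, the exception text and the credentials are constructed for illustration.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class TwoPassCallbackDemo {
    // Hypothetical container-side handler (not Geronimo's class): pass 1 records the request and aborts.
    static class GatheringHandler implements CallbackHandler {
        Callback[] requested, answers;
        public void handle(Callback[] cbs) throws UnsupportedCallbackException {
            if (answers == null) {                  // discovery pass: learn what the module needs
                requested = cbs;
                throw new UnsupportedCallbackException(cbs[0], "discovery pass, login not attempted");
            }
            for (int i = 0; i < cbs.length; i++)    // replay pass: copy in the values gathered earlier
                if (cbs[i] instanceof NameCallback)
                    ((NameCallback) cbs[i]).setName(((NameCallback) answers[i]).getName());
                else if (cbs[i] instanceof PasswordCallback)
                    ((PasswordCallback) cbs[i]).setPassword(((PasswordCallback) answers[i]).getPassword());
        }
    }
    static class DemoLoginModule implements LoginModule {
        private CallbackHandler handler;            // whatever the caller of initialize() passed in
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { handler = h; }
        public boolean login() throws LoginException {
            NameCallback name = new NameCallback("user: ");
            PasswordCallback pw = new PasswordCallback("password: ", false);
            try {
                handler.handle(new Callback[] { name, pw });
            } catch (Exception e) {
                throw (LoginException) new LoginException("Error filling callback list").initCause(e);
            }
            // Arrays.equals is null-safe, so an unset password fails the login instead of throwing.
            return "alice".equals(name.getName()) && Arrays.equals(pw.getPassword(), "constructed-pw".toCharArray());
        }
        public boolean commit() { return true; } public boolean abort() { return true; } public boolean logout() { return true; }
    }
    public static void main(String[] args) throws Exception {
        GatheringHandler container = new GatheringHandler();
        DemoLoginModule module = new DemoLoginModule();
        module.initialize(new Subject(), container, Map.of(), Map.of());
        try { module.login(); } catch (LoginException e) { System.out.println("pass 1: " + e.getCause().getMessage()); }
        CallbackHandler app = cbs -> {              // the application's own handler, run on the caller's side
            ((NameCallback) cbs[0]).setName("alice");
            ((PasswordCallback) cbs[1]).setPassword("constructed-pw".toCharArray());
        };
        app.handle(container.requested);            // fills the callbacks recorded in pass 1
        container.answers = container.requested;
        System.out.println("pass 2: login=" + module.login() + ", handler=" + container.getClass().getSimpleName());
    }
}
```

`Map.of()` needs Java 9 or later; on older JDKs pass `Collections.emptyMap()` instead.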
