Make NamePasswordCallback used for JAAS login more flexible so that it can
handle non-standard password callback objects (e.g., Jetty's)
----------------------------------------------------------------------------------------------------------------------------------------
Key: CXF-3658
URL: https://issues.apache.org/jira/browse/CXF-3658
Project: CXF
Issue Type: Improvement
Components: Core
Affects Versions: 2.4.1
Reporter: Aki Yoshida
Assignee: Aki Yoshida
Priority: Minor
Fix For: 2.4.2, 2.5
Some JAAS implementations (e.g., org.eclipse.jetty's jetty-plus) do not use the
standard password callback class, javax.security.auth.callback.PasswordCallback,
but instead use their own callback method.
As the current implementation of
org.apache.cxf.interceptor.security.NamePasswordCallback assumes this standard
password callback class when setting the password, it fails to set the password
correctly in this case, and subsequently fails to authenticate.
One can write a custom JAASLoginInterceptor to overwrite the behavior of the
NamePasswordCallback class. However, some may feel uncomfortable with this
approach.
This patch adds some reflection based code in NamePasswordCallback so that
non-standard password callback classes can be handled appropriately by this
class, thereby eliminating the need for a custom JAASLoginInterceptor in most
cases.
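The reflection fallback described in this issue can be sketched as follows. This is an added example, not the code of the CXF patch: the class names FlexibleCallbackHandler and VendorCallback, the setter name setObject and the argument types tried are all assumptions made for illustration.

```java
import java.io.IOException;
import java.lang.reflect.Method;
import javax.security.auth.callback.*;

public class FlexibleCallbackHandler implements CallbackHandler {
    // Assumed setter name and candidate parameter types for non-standard callbacks.
    private static final String SETTER = "setObject";
    private static final Class<?>[] ARG_TYPES = {Object.class, char[].class, String.class};
    private final String user;
    private final char[] password;

    public FlexibleCallbackHandler(String user, char[] password) {
        this.user = user;
        this.password = password.clone(); // defensive copy of the caller's array
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(user);
            } else if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword(password);
            } else if (!setByReflection(cb)) {
                // Fail closed: never let a login proceed with a silently unset password.
                throw new UnsupportedCallbackException(cb, "no public " + SETTER + " method");
            }
        }
    }

    // Tries only the one public setter name, so no other method of the callback is reachable.
    private boolean setByReflection(Callback cb) {
        for (Class<?> type : ARG_TYPES) {
            try {
                Method m = cb.getClass().getMethod(SETTER, type);
                m.invoke(cb, type == String.class ? new String(password) : (Object) password);
                return true;
            } catch (ReflectiveOperationException e) {
                // Signature absent or call failed: try the next parameter type.
            }
        }
        return false;
    }

    // Constructed stand-in for a vendor-specific password callback.
    public static class VendorCallback implements Callback {
        Object credential;
        public void setObject(Object o) { credential = o; }
    }

    public static void main(String[] args) throws Exception {
        VendorCallback vc = new VendorCallback();
        new FlexibleCallbackHandler("alice", "s3cret".toCharArray())
            .handle(new Callback[] {new NameCallback("user: "), vc});
        System.out.println(vc.credential instanceof char[]); // true
    }
}
```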