[
https://issues.apache.org/jira/browse/CXF-3658?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Aki Yoshida resolved CXF-3658.
------------------------------
Resolution: Fixed
Added some code to support any password callback with signature
setObject(Object), setObject(char[]), or setObject(String) directly. That
means, the jetty's authentication is supported out of the box.
If the callback method differs from setObject, the method name can be passed to
the NamePasswordCallback object.
> Make NamePasswordCallback used for JAAS login more flexible so that it can
> handle non-standard password callback objects (e.g., Jetty's)
> ----------------------------------------------------------------------------------------------------------------------------------------
>
> Key: CXF-3658
> URL: https://issues.apache.org/jira/browse/CXF-3658
> Project: CXF
> Issue Type: Improvement
> Components: Core
> Affects Versions: 2.4.1
> Reporter: Aki Yoshida
> Assignee: Aki Yoshida
> Priority: Minor
> Fix For: 2.4.2, 2.5
>
>
> Some JAAS implementations (e.g., org.eclipse.jetty's jetty-plus) do not use
> the standard password callback class,
> javax.security.auth.callback.PasswordCallback but instead uses its own
> callback method.
> As the current implemenation of
> org.apache.cxf.interceptor.security.NamePasswordCallback assumes this
> standard pasword callback class when setting the password, it fails to set
> the password correctly in this case, and subsequently failing to authenticate.
> One can write a custom JAASLoginInterceptor to overwrite the behavior of the
> NamePasswordCallback class. However, some may feel uncomfortable with this
> approach.
> This patch adds some reflection based code in NamePasswordCallback so that
> non-standard password callback classes can be handled appropriately by this
> class, thereby eliminating the need for a custom JAASLoginInterceptor in most
> cases.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
