Re: [JBoss-dev] authenticating using a non-text credential (ObjectCallback)

[Scott M Stark]

There are several mechasinsm the security manager uses to compare credentials. Implement Comparable if you want to control the comparision. Look at the JaasSecurityManager code for the comparison preferences.   xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ----- Original Message ----- From: Jason Essington To: [EMAIL PROTECTED] Sent: Wednesday, November 20, 2002 8:43 AM Subject: [JBoss-dev] authenticating using a non-text credential (ObjectCallback) I am trying to allow a login using an X509 Certificate as a credential. My login module uses an ObjectCallback to retrieve the certificate. All is fine and dandy if I do something like this: String domain = authMgr.getSecurityDomain(); ObjectCallbackHandler och = new ObjectCallbackHandler(cert); // use my own callback handler LoginContext lc = new LoginContext(domain, och); lc.login(); but further on down the road (mere milliseconds later actually) when the JaasSecurityManager attempts to call its isValid(Principal, Object) method, the SecurityAssiciationHandler (used in the private defaultLogin() method) chokes on the callback. I am storing the credential (certificate) in SecurityAssociation, which allows any object to be held as a credential. Do I need to extend the JaasSecurityManager (actually JaasSecurityDomain) to be able to properly verify ( isValid() ) this type of credential, or am I making things more difficult than they should be? Thanks -jason