Re: [JBoss-dev] authenticating using a non-text credential (ObjectCallback)

[Scott M Stark]

Yes, the successful login populates the cache with the authentication info. After that, only validateCache needs to be able to compare the opaque credentials against the cache value. If there is no cache the login module is called to authenticate the credentials and this has to understand what the credentials are and be able to interact with the handler. The JaasSecurityManager does not care about the credentials other than needing to be able to compare the raw cached credentials against the invocation credentials. As long as the credential object implements the Comparable interface this can be done and is the first check made. If the credential implements equals things will also work.   xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ----- Original Message ----- From: Jason Essington To: [EMAIL PROTECTED] Sent: Wednesday, November 20, 2002 4:20 PM Subject: Re: [JBoss-dev] authenticating using a non-text credential (ObjectCallback) Right, so the only place comparisons are made is in the validateCache() method. Does the initial login (from the code below) populate the domainCache with CacheInfo for the comparison, or does it need to be done some other way. If the cache is nonexistant or expired login falls through to the defaultLogin method which will cause unsupported callback exceptions. thanks -jason