Everything has worked as expected so far, but when jboss.net attempts to invoke the requested method on the bean, JBoss wants the credentials authenticated again (still in the same domain), only this time it seems the JaasSecurityManager has no cached credentials to compare, so it falls through to the defaultLogin method where it attempts to use the SecurityAssociationHandler (CallbackHandler) that only knows how to deal with NameCallback and PasswordCallback. Since my login module retrieves the X509Certificate via an ObjectCallback, the login fails at this point with an UnsupportedCallbackException.
I am wondering what has happened to my cached login information?
What would cause JBoss to want to perform the authentication again?
thanks
-jason
On Wednesday, November 20, 2002, at 07:55 PM, Scott M Stark wrote:
Yes, the successful login populates the cache with the authentication info. After
that, only validateCache needs to be able to compare the opaque credentials against
the cache value. If there is no cache the login module is called to authenticate the
credentials and this has to understand what the credentials are and be able to interact
with the handler. The JaasSecurityManager does not care about the credentials other
than needing to be able to compare the raw cached credentials against the invocation
credentials. As long as the credential object implements the Comparable interface this
can be done and is the first check made. If the credential implements equals things will
also work.
xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx
----- Original Message -----
From: Jason Essington
To: [EMAIL PROTECTED]
Sent: Wednesday, November 20, 2002 4:20 PM
Subject: Re: [JBoss-dev] authenticating using a non-text credential (ObjectCallback)
Right, so the only place comparisons are made is in the validateCache() method. Does the initial login (from the code below) populate the domainCache with CacheInfo for the comparison, or does it need to be done some other way? If the cache is nonexistent or expired, login falls through to the defaultLogin method which will cause unsupported callback exceptions.
thanks
-jason
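
The following is an added example, not part of the thread and not JBoss source code. It sketches the comparison order Scott describes (Comparable first, then equals) for a non-text credential. The names matchesCached, CertCredential and OpaqueCredential are hypothetical, and the byte array is constructed sample data rather than a real certificate. The last case shows a credential class with no equals() falling back to object identity, so a fresh instance presented on a later invocation does not match the cached one.

```java
import java.util.Arrays;

public class CredentialCacheCheck {
    // Hypothetical credential wrapper holding a certificate's encoded bytes.
    // It defines equals()/hashCode() over the bytes, so two instances built
    // from the same certificate compare as equal.
    static final class CertCredential {
        private final byte[] encoded;
        CertCredential(byte[] encoded) { this.encoded = encoded.clone(); }
        @Override public boolean equals(Object o) {
            return o instanceof CertCredential
                && Arrays.equals(encoded, ((CertCredential) o).encoded);
        }
        @Override public int hashCode() { return Arrays.hashCode(encoded); }
    }

    // Same data, but no equals(): comparison falls back to Object identity.
    static final class OpaqueCredential {
        private final byte[] encoded;
        OpaqueCredential(byte[] encoded) { this.encoded = encoded.clone(); }
    }

    // Sketch of the check order described in the thread (an assumption about
    // shape, not the JaasSecurityManager implementation).
    @SuppressWarnings({"unchecked", "rawtypes"})
    static boolean matchesCached(Object cached, Object presented) {
        if (cached == null || presented == null) return false;
        if (cached instanceof Comparable) {
            try {
                return ((Comparable) cached).compareTo(presented) == 0;
            } catch (ClassCastException e) {
                return false; // different credential types never match
            }
        }
        return cached.equals(presented);
    }

    public static void main(String[] args) {
        byte[] der = {0x30, 0x03, 0x02, 0x01, 0x01}; // constructed bytes
        // String implements Comparable, so the first branch handles it.
        System.out.println(matchesCached("secret", "secret"));
        // Value-based equals(): a new instance matches the cached one.
        System.out.println(matchesCached(new CertCredential(der), new CertCredential(der)));
        // Identity-based equals(): a new instance does not match.
        System.out.println(matchesCached(new OpaqueCredential(der), new OpaqueCredential(der)));
    }
}
```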
