Re: [JBoss-dev] authenticating using a non-text credential (ObjectCallback)

[Scott M Stark]

There is no cached information unless you invoked the security manager isValid method. If you are doing the LoginContext then you are effectively replacing the security manager and only using the configured login module. You should be looking up the security manager rather than doing the login yourself. Just checkin the code and I'll point it in the right direction.   xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ----- Original Message ----- From: Jason Essington To: [EMAIL PROTECTED] Sent: Friday, November 22, 2002 8:57 AM Subject: Re: [JBoss-dev] authenticating using a non-text credential (ObjectCallback) I think I understand this part well enough, however, here is what is happening in the case I am having trouble with. I am attempting to authenticate an X509Certificate that has arrived in an email (via jboss.net) I have a request handler that creates a LoginContext and a CallbackHandler and performs the login (successfully). Everyting has worked as expected so far, but when jboss.net attempts to invoke the requested method on the bean, JBoss wants the credentials authenticated again (still in the same domain), only this time it seems the JaasSecurityManager has no cached credentials to compare, so it falls through to the defaultLogin method where it attempts to use the SecurityAssociationHandler (CallbackHandler) that only knows how to deal with NameCallback and PasswordCallback. Since my login module retrieves the X509Certificate via an ObjectCallback, the login fails at this point with an UnsupportedCallbackException. I am wondering what has happened to my cached login information? What would cause JBoss to want to perform the authentication again? thanks -jason