I updated the default CallbackHandler used by the JaasSecurityManager to support ObjectCallbacks
and changed the SigAuthenticationHandler to use the isValid() method. The use of null as the
principal indicates this is not really an authentication so I need to understand what the context of
the validation is. If you just want to know if the cert should be accepted why not use the KeyStore
associated with the security domain to see if the cert is known to the security domain and validate
the cert as an X509Certificate?
 
Explain the context some more and if there are cert management functions that should be
part of the SecurityDomain interface I'll look into adding them.
 
xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx
----- Original Message -----
Sent: Monday, November 25, 2002 11:14 AM
Subject: Re: [JBoss-dev] authenticating using a non-text credential (ObjectCallback)

O.K. I have checked in the Authentication part (It shouldn't break the build). It consists of an axis handler (org.jboss.net.axis.security.SigAuthenticationHandler), which is where I thought the login (or at least preparation for the login) should happen, and the login module(s) (org.jboss.net.axis.security.login.spi.CertificateLoginModule).

I have not checked in the XML digital signature verification handler yet, as it depends upon the Apache XML-Security library. Is that something that could be added to thirdparty?

Thanks

-jason
