• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

confusing callBackHandler

 
shreehari Gopalakrishnan
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In some journels i read that "An application implements a CallbackHandler and passes it to underlying security services so that they may interact with the application to retrieve specific authentication data, such as usernames and passwords" but in our projects we are creating a loginContext

loginContext = new LoginContext("LDAPPasswordLoginModule", new CallbackHandlerImpl(userName, password, ldapConfigInfo));

I am get confused whether we are passing the username and password to call back handler or call back handler retrives that from the application ?

what is it actually does please help me out.............

Thanks in advance
 
Karthik Guru
Ranch Hand
Posts: 1209
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by shreehari Gopalakrishnan:

whether we are passing the username and password to call back handler or call back handler retrives that from the application ?


IMO,
You can do it wither way.Sometimes you can get the user name and password interactively (active mode) while at other times you cant (say for eg in a web application). This is passive mode. In that case you can pass the username and password (by extracting it from the request object/whatever) while creating the LoginContext , the way you have in the code.

But say u have a command line interface to your application, then you might as well prompt for the user name and password in callbackHandler.handle(Callback[] callbacks) method. In this case you dont pass the user name, password to the callbackhandler when instatiating LoginContext, instead you request for that from the user in the handle() callback method.

HTH
 
shreehari Gopalakrishnan
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks karthk

what is the significance in using a callBackHandler
can we directly pass the id and password to LDAP and do authentication?
If CallBackHandler retrives the id and password from the application why we need to pass that throuth function or commandline??

I am still confused ....

T I Advance
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic