aspose file tools*
The moose likes Security and the fly likes confusing callBackHandler Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "confusing callBackHandler" Watch "confusing callBackHandler" New topic
Author

confusing callBackHandler

shreehari Gopalakrishnan
Ranch Hand

Joined: Jun 01, 2004
Posts: 30
In some journels i read that "An application implements a CallbackHandler and passes it to underlying security services so that they may interact with the application to retrieve specific authentication data, such as usernames and passwords" but in our projects we are creating a loginContext

loginContext = new LoginContext("LDAPPasswordLoginModule", new CallbackHandlerImpl(userName, password, ldapConfigInfo));

I am get confused whether we are passing the username and password to call back handler or call back handler retrives that from the application ?

what is it actually does please help me out.............

Thanks in advance
Karthik Guru
Ranch Hand

Joined: Mar 06, 2001
Posts: 1209
Originally posted by shreehari Gopalakrishnan:

whether we are passing the username and password to call back handler or call back handler retrives that from the application ?


IMO,
You can do it wither way.Sometimes you can get the user name and password interactively (active mode) while at other times you cant (say for eg in a web application). This is passive mode. In that case you can pass the username and password (by extracting it from the request object/whatever) while creating the LoginContext , the way you have in the code.

But say u have a command line interface to your application, then you might as well prompt for the user name and password in callbackHandler.handle(Callback[] callbacks) method. In this case you dont pass the user name, password to the callbackhandler when instatiating LoginContext, instead you request for that from the user in the handle() callback method.

HTH
shreehari Gopalakrishnan
Ranch Hand

Joined: Jun 01, 2004
Posts: 30
Thanks karthk

what is the significance in using a callBackHandler
can we directly pass the id and password to LDAP and do authentication?
If CallBackHandler retrives the id and password from the application why we need to pass that throuth function or commandline??

I am still confused ....

T I Advance
 
 
subject: confusing callBackHandler