Hi. I have a swing/jboss project with JAAS. Swing app shows a login form, user fills userName and password (and some other stuf) in, JAAS consults mysql base and lets the user in. EJB3 objects on JBoss call Context.getCallerPrincipal method to obtain information about user who called them and it all works fine. But. I allow every user to log into app many times, maybe setting some parameters on login form differrent (for example ledger year). So, I want every serverSide object to be aware of the session, not only the user. I created algorithm that returns a unique id for the session while loging on and I want to pass that value to server through JAAS. I browsed a lot of JAAS literature looking for a common way to solve this (and I think my problem IS common), but I didn’t see anything similar to my story.
I guess I should pass another (third) value into Callback array, but I don’t know how and where. Any idea ?
Dragan: I want to pass that value to server through JAAS.
Does the JAAS login module need this information for authentication? If not then it will probably be a bad idea because then your login module will interact with other components on the server side and thus making the login module coupled with the components you are having.
Dragan: I guess I should pass another (third) value into Callback array, but I don’t know how and where. Any idea ?
If you have to do it then yes, the callbacks is the only way to go. You have to pass an additionaly callback and of course the callback handler must be able to handle the callback.
In my opinion, you must make a call to the server, it should first do an authentication, if required, and then do the session specific work. So, rather than the first call being the JAAS call and that internally doing session handling, it should be the other way round.