
Using cookies in JAAS to extend a Single Sign On

Iain Emsley
Ranch Hand

Joined: Oct 11, 2007
Posts: 60
I'm currently involved in a project to extend our cookie-based SSO to an application using JAAS, which I felt to be the best way of achieving the goal. I have written a CallbackHandler which will handle extracting the username and password from the cookies, but I'm really not sure how to set up the callback from the LoginModule to get the names to check against the db, and would very much appreciate some advice on the best way of doing this:
Nitesh Kant
Bartender

Joined: Feb 25, 2007
Posts: 1638

Iain:
I have written a CallbackHandler which will handle extracting the username and password from the cookies but I'm really not sure as to how to set up the callback from the LoginModule to get the names to check against the db


Looking at the posted code, it seems that you have done what is required to request a callback from the callback handler (assuming that the callback handler is set appropriately). Can you tell us what is going wrong? Is there any specific problem you are facing?

I am not sure about your database table structure but you seem to get user name and password from two different tables without specifying the user name in the password lookup query! How is this supposed to work? How do you know that the password you have retrieved is indeed for the requested user?


apigee, a better way to API!
Iain Emsley
Ranch Hand

Joined: Oct 11, 2007
Posts: 60
Hi Nitesh,

Apologies for the tardiness of the reply, an upgrade went interestingly well.

I keep getting the error:
java.lang.IllegalArgumentException
at javax.security.auth.callback.NameCallback.<init>(Unknown Source)
at uk.ac.stfc.login.check.login(check.java:45)
which is the NameCallback. I think it is to do with the way that the JAAS jar has been placed. I've put it in Tomcat 5.5.23 and have set the web.xml to point to the relevant URL. As above, I'm trying to use cookies, but the URL is presenting a form, so I assume that I need to remove this form, or is there a way of overriding it (I'm hooking into a third-party piece of software called Bedework)?
MTIA for any help and advice
Iain
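
The two points raised in this thread, as an added example that is not code from either poster or from Bedework: a LoginModule that requests the user name and password through the CallbackHandler and then looks up the stored credential by that same user name. The class name, the in-memory USERS map (standing in for the database table) and the sample handler (standing in for one that reads the SSO cookies) are assumptions; the NameCallback and PasswordCallback constructors are documented to throw IllegalArgumentException for a null or empty prompt.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class CookieLoginExample implements LoginModule {
    // Constructed stand-in for the credential table, keyed by user name (a real table would hold a salted hash).
    static final Map<String, String> USERS = Map.of("alice", "s3cret");
    private CallbackHandler handler;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        this.handler = h;
    }
    public boolean login() throws LoginException {
        // Prompts must be non-null and non-empty, otherwise the constructors
        // throw IllegalArgumentException before the handler is ever called.
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { name, pass });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("callback failed: " + e);
        }
        // The stored secret is fetched for the requested user, never on its own.
        String stored = name.getName() == null ? null : USERS.get(name.getName());
        char[] given = pass.getPassword();
        pass.clearPassword();
        if (stored == null || given == null || !MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                new String(given).getBytes(StandardCharsets.UTF_8)))
            throw new FailedLoginException("bad credentials");
        return true;
    }
    public boolean commit() { return true; }
    public boolean abort() { return true; }
    public boolean logout() { return true; }

    public static void main(String[] args) throws Exception {
        LoginModule m = new CookieLoginExample();
        // Constructed handler standing in for one that reads the SSO cookies.
        m.initialize(new Subject(), cbs -> {
            for (Callback c : cbs) {
                if (c instanceof NameCallback) ((NameCallback) c).setName("alice");
                else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword("s3cret".toCharArray());
                else throw new UnsupportedCallbackException(c);
            }
        }, Map.of(), Map.of());
        System.out.println("login ok: " + m.login());
    }
}
```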
 