
Using cookies in JAAS to extend a Single Sign On

 
Iain Emsley
Ranch Hand
Posts: 60
I'm currently involved in a project to extend our cookie-based SSO to an application using JAAS, which I felt to be the best way of achieving the goal. I have written a CallbackHandler which will handle extracting the username and password from the cookies, but I'm really not sure how to set up the callback from the LoginModule to get the names to check against the db, and would very much appreciate some advice on the best way of doing this:
 
Nitesh Kant
Bartender
Posts: 1638
Iain:
I have written a CallbackHandler which will handle extracting the username and password from the cookies but I'm really not sure as to how to set up the callback from the LoginModule to get the names to check against the db


Looking at the posted code, it seems that you have done what is required to request a callback from the callback handler (assuming that the callback handler is set appropriately). Can you tell as to what is going wrong? Is there any specific problem you are facing?

I am not sure about your database table structure but you seem to get user name and password from two different tables without specifying the user name in the password lookup query! How is this supposed to work? How do you know that the password you have retrieved is indeed for the requested user?
 
Iain Emsley
Ranch Hand
Posts: 60
Hi Nitesh,

Apologies for the tardiness of the reply, an upgrade went interestingly well.

I keep getting the error:
java.lang.IllegalArgumentException
at javax.security.auth.callback.NameCallback.<init>(Unknown Source)
at uk.ac.stfc.login.check.login(check.java:45)
which is the NameCallback. I think it is to do with the way that the JAAS jar has been placed. I've put it in Tomcat 5.5.23 and have set the web.xml to point to the relevant URL. As above, I'm trying to use cookies but the URL is presenting a form, so I assume that I need to remove this form, or is there a way of overriding it (I'm hooking into a third-party piece of software called Bedework)?
MTIA for any help and advice
Iain
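
An added sketch (not code from any poster in this thread) of the LoginModule-to-CallbackHandler handshake discussed above: the module creates a NameCallback and PasswordCallback with non-empty prompts (the constructor rejects a null or empty prompt with IllegalArgumentException), the handler fills them from cookie values, and the stored password is looked up for the supplied username only. The class name, the in-memory user map and the credentials are assumptions standing in for the unposted code and the database.

```java
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
// Hypothetical class; the thread's own LoginModule and handler were not posted.
public class CookieLoginSketch implements LoginModule {
    // Constructed stand-in for the user table: username -> password.
    static final Map<String, String> USERS = Map.of("iain", "s3cret");
    private CallbackHandler handler;
    private boolean ok;
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> st, Map<String, ?> o) { handler = h; }
    public boolean login() throws LoginException {
        // Prompt must be non-null and non-empty, or the constructor throws IllegalArgumentException.
        NameCallback name = new NameCallback("username");
        PasswordCallback pass = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] { name, pass });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("callback failed: " + e);
        }
        String user = name.getName();
        char[] given = pass.getPassword();
        pass.clearPassword();
        // Fetch the stored password for this user only, then compare in constant time.
        String stored = (user == null) ? null : USERS.get(user);
        ok = stored != null && given != null && MessageDigest.isEqual(stored.getBytes(), new String(given).getBytes());
        if (!ok) throw new FailedLoginException("bad credentials");
        return true;
    }
    public boolean commit() { return ok; }
    public boolean abort() { ok = false; return true; }
    public boolean logout() { ok = false; return true; }
    // Handler that answers the callbacks with values already read from the cookies.
    static CallbackHandler fromCookies(String user, String password) {
        return cbs -> {
            for (Callback cb : cbs) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password.toCharArray());
                else throw new UnsupportedCallbackException(cb);
            }
        };
    }
    public static void main(String[] args) throws Exception {
        CookieLoginSketch m = new CookieLoginSketch();
        m.initialize(new Subject(), fromCookies("iain", "s3cret"), Map.of(), Map.of());
        System.out.println("authenticated: " + (m.login() && m.commit()));
    }
}
```

In a container the module would be named in the JAAS login configuration and driven through LoginContext; `main` calls it directly only so the sketch runs on its own.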
 