This week's book giveaway is in the OCMJEA forum. We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line! See this thread for details.
I have a custom Authenticator that I'm using and having problems. This is in Weblogic 10.3.
When a user connects and authenticates over HTTP everything functions fine. However if the connection is a JMX-RMI/T3 connection the call to javax.security.auth.callback.CallbackHandler.handle an exception is thrown. The ContextHandlerCallback default constructor is being used and passed in the array of callbacks with a username and password callback. Below is the code where callbackHandler is a javax.security.auth.callback.CallbackHandler
Here is the top of the excetption being thrown to the point of callbackHandler.handle(callbacks) from above:
Here is the start of the other stack trace we're seeing:
Part of the authentication is capturing information about the authentication, such as the IP address the request originated from, which is why we need the ContextHandlerCallback. I can see that trying to retrieve an HttpServletRequest from a JMX-RMI/T3 connection would cause problems, but an exception is being thrown during javax.security.auth.callback.CallbackHandler.handle().
Some other information that may or may not be relevant, but why not include all I can?
Application is using Form Based Authentication, as do the WS calls but the JMX-RMI/T3 call may not.
Unsure if it's possible to define what implementation to use for the CallbackHandler when authenticating. Currently we've defined a custom LoginModule but not a custom CallbackHandler.
If there is a way outside of the ContextHandlerCallback to get access to the caller's IP address inside of the LoginModule, that would provide a suitable workaround.
I'm confused why it would work via one protocol and not the other. Anyone else seen this sort of behavior or know of a way to handle this?
Joined: May 31, 2005
I've since determined that it seems the connection that is causing the problems is a JMX-RMI/T3 call. However I can no longer find an edit operation to update the original post.. I wasn't able to see an edit button but changed the request parameters on another post to edit the original post.