This week's book giveaway is in the Cloud/Virtualizaton forum.
We're giving away four copies of Mesos in Action and have Roger Ignazio on-line!
See this thread for details.
Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

auth.login.defaultCallbackHandler use over http...

 
Franklin Harry Mitchell
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm trying to re-factor a java web app so that the authentication is configurable (using a configured auth.login.defaultCallbackHandler). That way anyone that uses the source code for this application can easily configure their own authentication.

From the reading I've done, the CallbackHandler (see javax.security.auth.callback.CallbackHandler) is responsible for prompting the user for things such as username and password. The examples, however, that I've seen are stand alone applications. I have yet to find an example of a web application that uses the CallbackHandler to prompt the user.

It's looks easy enough to instantiate my own CallBackHandler passing an HttpServletResponse into the constructor. Then the CallBackHandler could write the response page or redirect. When that page is submitted then a different instance of the same CallBackHandler would inspect the HttpServletRequest and see that a user name and password were supplied.

But, I would really like to configure the auth.login.defaultCallbackHandler. That way others sharing the code will be able to configure the app to use their own CallBackHandler code.

Does anyone know how to do this? Basically I think I need a way for my CallBackHandler to have access to HttpServletRequest/HttpServletResponse. But the auth.login.defaultCallbackHandler configured CallbackHandler requires an empty constructor.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic