File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes auth.login.defaultCallbackHandler use over http... Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of The Software Craftsman this week in the Agile forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "auth.login.defaultCallbackHandler use over http..." Watch "auth.login.defaultCallbackHandler use over http..." New topic

auth.login.defaultCallbackHandler use over http...

Franklin Harry Mitchell

Joined: Mar 18, 2011
Posts: 1
I'm trying to re-factor a java web app so that the authentication is configurable (using a configured auth.login.defaultCallbackHandler). That way anyone that uses the source code for this application can easily configure their own authentication.

From the reading I've done, the CallbackHandler (see is responsible for prompting the user for things such as username and password. The examples, however, that I've seen are stand alone applications. I have yet to find an example of a web application that uses the CallbackHandler to prompt the user.

It's looks easy enough to instantiate my own CallBackHandler passing an HttpServletResponse into the constructor. Then the CallBackHandler could write the response page or redirect. When that page is submitted then a different instance of the same CallBackHandler would inspect the HttpServletRequest and see that a user name and password were supplied.

But, I would really like to configure the auth.login.defaultCallbackHandler. That way others sharing the code will be able to configure the app to use their own CallBackHandler code.

Does anyone know how to do this? Basically I think I need a way for my CallBackHandler to have access to HttpServletRequest/HttpServletResponse. But the auth.login.defaultCallbackHandler configured CallbackHandler requires an empty constructor.
Don't get me started about those stupid light bulbs.
subject: auth.login.defaultCallbackHandler use over http...