aspose file tools*
The moose likes Security and the fly likes auth.login.defaultCallbackHandler use over http... Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "auth.login.defaultCallbackHandler use over http..." Watch "auth.login.defaultCallbackHandler use over http..." New topic
Author

auth.login.defaultCallbackHandler use over http...

Franklin Harry Mitchell
Greenhorn

Joined: Mar 18, 2011
Posts: 1
I'm trying to re-factor a java web app so that the authentication is configurable (using a configured auth.login.defaultCallbackHandler). That way anyone that uses the source code for this application can easily configure their own authentication.

From the reading I've done, the CallbackHandler (see javax.security.auth.callback.CallbackHandler) is responsible for prompting the user for things such as username and password. The examples, however, that I've seen are stand alone applications. I have yet to find an example of a web application that uses the CallbackHandler to prompt the user.

It's looks easy enough to instantiate my own CallBackHandler passing an HttpServletResponse into the constructor. Then the CallBackHandler could write the response page or redirect. When that page is submitted then a different instance of the same CallBackHandler would inspect the HttpServletRequest and see that a user name and password were supplied.

But, I would really like to configure the auth.login.defaultCallbackHandler. That way others sharing the code will be able to configure the app to use their own CallBackHandler code.

Does anyone know how to do this? Basically I think I need a way for my CallBackHandler to have access to HttpServletRequest/HttpServletResponse. But the auth.login.defaultCallbackHandler configured CallbackHandler requires an empty constructor.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: auth.login.defaultCallbackHandler use over http...