I'm trying to re-factor a java web app so that the authentication is configurable (using a configured auth.login.defaultCallbackHandler). That way anyone that uses the source code for this application can easily configure their own authentication.
It's looks easy enough to instantiate my own CallBackHandler passing an HttpServletResponse into the constructor. Then the CallBackHandler could write the response page or redirect. When that page is submitted then a different instance of the same CallBackHandler would inspect the HttpServletRequest and see that a user name and password were supplied.
But, I would really like to configure the auth.login.defaultCallbackHandler. That way others sharing the code will be able to configure the app to use their own CallBackHandler code.
Does anyone know how to do this? Basically I think I need a way for my CallBackHandler to have access to HttpServletRequest/HttpServletResponse. But the auth.login.defaultCallbackHandler configured CallbackHandler requires an empty constructor.