aspose file tools*
The moose likes Oracle/OAS and the fly likes Custom Login Modules Break COTS J2EE Application Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Oracle/OAS
Bookmark "Custom Login Modules Break COTS J2EE Application" Watch "Custom Login Modules Break COTS J2EE Application" New topic
Author

Custom Login Modules Break COTS J2EE Application

Frank Griffith
Greenhorn

Joined: Apr 28, 2004
Posts: 10
Hello... I'm posting this here because I've already tried the OTN forum... any help is greatly appreciated...

I'm using a custom login module to authenticate users of a COTS J2EE application. The authentication works like a charm, but the COTS app breaks because it uses request.getRemoteUser() to obtain the user name for database lookups.

When the custom login is in use, request.getRemoteUser() returns "[JAZNUserAdaptor: user=theuser]" instead of simply the user name (this differs from the standard XML provider, which returns only the user name).

I used the sample login module from the Oracle documentation almost verbatim, the method is included below.

Does anyone know why getRemoteUser() returns "[JAZNUserAdaptor: user=theuser]" and not just the user name? And how to make it stop doing that?


public boolean login() throws LoginException {
throw new LoginException("Error: no CallbackHandler available "
+ "to garner authentication information from the user");

// Setup default callback handlers.
Callback[] callbacks = new Callback[] { new NameCallback("Username: "),
new PasswordCallback("Password: ", false) };

try {
_callbackHandler.handle(callbacks);
} catch (Exception e) {
_succeeded = false;
throw new LoginException(e.getMessage());
}

String username = ((NameCallback) callbacks[0]).getName();
String password = new String(((PasswordCallback) callbacks[1]).getPassword());

if (isValidUser(username, password)) {

_succeeded = true;
_password = password.toCharArray();
_name = username;

_authPrincipals = new CMPrincipal[2];
_authPrincipals[0] = new CMPrincipal(_name);
_authPrincipals[1] = new CMPrincipal("SecurityRole");

}

((PasswordCallback) callbacks[1]).clearPassword();
callbacks[0] = null;
callbacks[1] = null;


if (!_succeeded) {
System.out.println("login did not succeed... throwing LoginException...");
throw new LoginException("Authentication failed: Password does not match");
}

return true;
}
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Custom Login Modules Break COTS J2EE Application