It's not a secret anymore!*
The moose likes Oracle/OAS and the fly likes Custom Login Modules Break COTS J2EE Application Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Products » Oracle/OAS
Bookmark "Custom Login Modules Break COTS J2EE Application" Watch "Custom Login Modules Break COTS J2EE Application" New topic
Author

Custom Login Modules Break COTS J2EE Application

Frank Griffith
Greenhorn

Joined: Apr 28, 2004
Posts: 10
Hello... I'm posting this here because I've already tried the OTN forum... any help is greatly appreciated...

I'm using a custom login module to authenticate users of a COTS J2EE application. The authentication works like a charm, but the COTS app breaks because it uses request.getRemoteUser() to obtain the user name for database lookups.

When the custom login is in use, request.getRemoteUser() returns "[JAZNUserAdaptor: user=theuser]" instead of simply the user name (this differs from the standard XML provider, which returns only the user name).

I used the sample login module from the Oracle documentation almost verbatim, the method is included below.

Does anyone know why getRemoteUser() returns "[JAZNUserAdaptor: user=theuser]" and not just the user name? And how to make it stop doing that?


public boolean login() throws LoginException {
throw new LoginException("Error: no CallbackHandler available "
+ "to garner authentication information from the user");

// Setup default callback handlers.
Callback[] callbacks = new Callback[] { new NameCallback("Username: "),
new PasswordCallback("Password: ", false) };

try {
_callbackHandler.handle(callbacks);
} catch (Exception e) {
_succeeded = false;
throw new LoginException(e.getMessage());
}

String username = ((NameCallback) callbacks[0]).getName();
String password = new String(((PasswordCallback) callbacks[1]).getPassword());

if (isValidUser(username, password)) {

_succeeded = true;
_password = password.toCharArray();
_name = username;

_authPrincipals = new CMPrincipal[2];
_authPrincipals[0] = new CMPrincipal(_name);
_authPrincipals[1] = new CMPrincipal("SecurityRole");

}

((PasswordCallback) callbacks[1]).clearPassword();
callbacks[0] = null;
callbacks[1] = null;


if (!_succeeded) {
System.out.println("login did not succeed... throwing LoginException...");
throw new LoginException("Authentication failed: Password does not match");
}

return true;
}
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Custom Login Modules Break COTS J2EE Application