D
Donkey Hottie
Trying to log in via jaas. My code runs fine at least in JBoss 4 and 5,
but GlassFish has a problem.
Normally the connection is made like
LoginContext lc = new LoginContext(realmName, new JAASCallbackHandler
(username, password));
However, as I have Googled, it came clear to me that GlassFish does not
want or use a CallbackHandler. It wants a Subject with Credentials.
So I have for Sun
import java.security.Principal;
import javax.resource.spi.security.PasswordCredential ;
boolean is SunJavaSystem = ... ;
LoginContext lc = null ;
if (isSunJavaSystem)
{
Set principals = new HashSet() ;
Set credentials = new HashSet() ;
principals.add(new WSPrincipal(username)) ;
credentials.add(new PasswordCredential(username,
password.toCharArray())) ;
Subject subj = new Subject(false, principals, credentials,
credentials) ;
lc = new LoginContext(realmName, subj, new JAASCallbackHandler
(username, password));
}
else
{
lc = new LoginContext(realmName, new JAASCallbackHandler(username,
password));
}
The WSPrincipal is my own class, and implements Principal. Nothing fancy,
but here it is.
public static class WSPrincipal implements Principal
{
private String name ;
public WSPrincipal(String name)
{
this.name = name ;
}
public String getName()
{
return name ;
}
@Override
public boolean equals(Object obj)
{
if (obj == null)
{
return false;
}
if (getClass() != obj.getClass())
{
return false;
}
final WSPrincipal other = (WSPrincipal) obj;
return name.equals(other.name);
}
@Override
public String toString()
{
return name;
}
@Override
public int hashCode()
{
int hash = 7;
return hash;
}
}
In the end, GlassFish do not let in. The error message is:
SEC1105: A PasswordCredential was required but not provided.
and lc.login() throws a LoginException.
Googling around did only show similar problems but no answers. Any
takers?
but GlassFish has a problem.
Normally the connection is made like
LoginContext lc = new LoginContext(realmName, new JAASCallbackHandler
(username, password));
However, as I have Googled, it came clear to me that GlassFish does not
want or use a CallbackHandler. It wants a Subject with Credentials.
So I have for Sun
import java.security.Principal;
import javax.resource.spi.security.PasswordCredential ;
boolean is SunJavaSystem = ... ;
LoginContext lc = null ;
if (isSunJavaSystem)
{
Set principals = new HashSet() ;
Set credentials = new HashSet() ;
principals.add(new WSPrincipal(username)) ;
credentials.add(new PasswordCredential(username,
password.toCharArray())) ;
Subject subj = new Subject(false, principals, credentials,
credentials) ;
lc = new LoginContext(realmName, subj, new JAASCallbackHandler
(username, password));
}
else
{
lc = new LoginContext(realmName, new JAASCallbackHandler(username,
password));
}
The WSPrincipal is my own class, and implements Principal. Nothing fancy,
but here it is.
public static class WSPrincipal implements Principal
{
private String name ;
public WSPrincipal(String name)
{
this.name = name ;
}
public String getName()
{
return name ;
}
@Override
public boolean equals(Object obj)
{
if (obj == null)
{
return false;
}
if (getClass() != obj.getClass())
{
return false;
}
final WSPrincipal other = (WSPrincipal) obj;
return name.equals(other.name);
}
@Override
public String toString()
{
return name;
}
@Override
public int hashCode()
{
int hash = 7;
return hash;
}
}
In the end, GlassFish do not let in. The error message is:
SEC1105: A PasswordCredential was required but not provided.
and lc.login() throws a LoginException.
Googling around did only show similar problems but no answers. Any
takers?