Win a copy of Svelte and Sapper in Action this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Using cookies in JAAS to extend a Single Sign On

 
Ranch Hand
Posts: 60
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm currently involved in a project to extend our cookie based SSO to an application using JAAS which I felt to be the best way of achieving the goal. I have written a CallbackHandler which will handle extracting the username and password from the cookies but I'm really not sure as to how to set up the callback from the LoginModule to get the names to check against the db and would very much appreciate some advice on the best way of doing this:
 
Bartender
Posts: 1638
IntelliJ IDE MySQL Database Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Iain:
[QB]I have written a CallbackHandler which will handle extracting the username and password from the cookies but I'm really not sure as to how to set up the callback from the LoginModule to get the names to check against the db



Looking at the posted code it seems that you have done what is required to request a callback from the callback handler(assuming that the callback handler is set appropriately). Can you tell as to what is going wrong? Is there any specific problem you are facing?

I am not sure about your database table structure but you seem to get user name and password from two different tables without specifying the user name in the password lookup query! How is this supposed to work? How do you know that the password you have retrieved is indeed for the requested user?
 
Iain Emsley
Ranch Hand
Posts: 60
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Nitesh,

Apologies for the tardiness of the reply, an upgrade went interestingly well.

I keep getting the error:
java.lang.IllegalArgumentException
at javax.security.auth.callback.NameCallback.<init>(Unknown Source)
at uk.ac.stfc.login.check.login(check.java:45)
which is the namecallback. I think it is to do with the way that the JAAS jar has been placed. I've put it in Tomcat 5.5.23 and have set the web.xml to point to the relevant url. As above, I'm trying to use cookies but the url is presenting a form so I assume that I need to remove this form or is there are way of overriding it (I'm hooking into a third party piece of software called Bedework)?
MTIA for any help and advice
Iain
 
Uh oh, we're definitely being carded. Here, show him this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
    Bookmark Topic Watch Topic
  • New Topic