[jetty-dev] FormAuthenticator -->JAASLoginService --> DefaultCallbackHandler ->RequestParameterCallback

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[jetty-dev] FormAuthenticator -->JAASLoginService --> DefaultCallbackHandler ->RequestParameterCallback

Paul-Robert Kästner

Dear Developers,

 

I came across a problem during porting a PoC from jetty 6.1.26 to Jetty 8.1.3.

It is about some security stuff involving JAAS LoginModules and the DefaultCallbackHandler.

I am actually simply trying to get the request parameters using the RequestParameterCallback as done in jetty 6.1.26,

which worked perfectly there. Now in Jetty 8.1.3 this doesn’t seem so, because i seem not to get any request parameters.

 

With some debugging, I figured out that the FormAuthenticator(BasicAuthenticator as well), which i use is calling

the LoginService, only with username and password. The LoginService instantiates the given CallbackHandler, which

in my case is the DefaultCallbackHandler.

In that case this actually does not make much sense for the DefaultCallbackHandler, which

has a Request as member and does instantiate the RequestParameterCallback.

 

The Point is I need one additional request parameter  for my LoginModule.

 

Maybe I am doing something terribly the wrong way here, I would be happy to do so.

I’d appreciate if someone’s got an idea or advice for me.

 

Thanks in advance,

 

Paul-Robert Kaestner

 

 


_______________________________________________
jetty-dev mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-dev
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-dev] FormAuthenticator -->JAASLoginService --> DefaultCallbackHandler ->RequestParameterCallback

Jan Bartel-3
Paul-Robert,

Looks like some code somehow got omitted from jetty-7/8, so I raised:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=377709

thanks
Jan

On 26 April 2012 03:43, Paul-Robert Kästner
<[hidden email]> wrote:

> Dear Developers,
>
>
>
> I came across a problem during porting a PoC from jetty 6.1.26 to Jetty
> 8.1.3.
>
> It is about some security stuff involving JAAS LoginModules and the
> DefaultCallbackHandler.
>
> I am actually simply trying to get the request parameters using the
> RequestParameterCallback as done in jetty 6.1.26,
>
> which worked perfectly there. Now in Jetty 8.1.3 this doesn’t seem so,
> because i seem not to get any request parameters.
>
>
>
> With some debugging, I figured out that the
> FormAuthenticator(BasicAuthenticator as well), which i use is calling
>
> the LoginService, only with username and password. The LoginService
> instantiates the given CallbackHandler, which
>
> in my case is the DefaultCallbackHandler.
>
> In that case this actually does not make much sense for the
> DefaultCallbackHandler, which
>
> has a Request as member and does instantiate the RequestParameterCallback.
>
>
>
> The Point is I need one additional request parameter  for my LoginModule.
>
>
>
> Maybe I am doing something terribly the wrong way here, I would be happy to
> do so.
>
> I’d appreciate if someone’s got an idea or advice for me.
>
>
>
> Thanks in advance,
>
>
>
> Paul-Robert Kaestner
>
>
>
>
>
>
> _______________________________________________
> jetty-dev mailing list
> [hidden email]
> https://dev.eclipse.org/mailman/listinfo/jetty-dev
>
_______________________________________________
jetty-dev mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-dev
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-dev] FormAuthenticator -->JAASLoginService --> DefaultCallbackHandler ->RequestParameterCallback

Jan Bartel-3
Fixed. I also updated the docs:

here: http://wiki.eclipse.org/Jetty/Starting/Porting_to_Jetty_7/Packages_and_Classes
and here: http://wiki.eclipse.org/Jetty/Tutorial/JAAS

Jan

On 26 April 2012 08:05, Jan Bartel <[hidden email]> wrote:

> Paul-Robert,
>
> Looks like some code somehow got omitted from jetty-7/8, so I raised:
>
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=377709
>
> thanks
> Jan
>
> On 26 April 2012 03:43, Paul-Robert Kästner
> <[hidden email]> wrote:
>> Dear Developers,
>>
>>
>>
>> I came across a problem during porting a PoC from jetty 6.1.26 to Jetty
>> 8.1.3.
>>
>> It is about some security stuff involving JAAS LoginModules and the
>> DefaultCallbackHandler.
>>
>> I am actually simply trying to get the request parameters using the
>> RequestParameterCallback as done in jetty 6.1.26,
>>
>> which worked perfectly there. Now in Jetty 8.1.3 this doesn’t seem so,
>> because i seem not to get any request parameters.
>>
>>
>>
>> With some debugging, I figured out that the
>> FormAuthenticator(BasicAuthenticator as well), which i use is calling
>>
>> the LoginService, only with username and password. The LoginService
>> instantiates the given CallbackHandler, which
>>
>> in my case is the DefaultCallbackHandler.
>>
>> In that case this actually does not make much sense for the
>> DefaultCallbackHandler, which
>>
>> has a Request as member and does instantiate the RequestParameterCallback.
>>
>>
>>
>> The Point is I need one additional request parameter  for my LoginModule.
>>
>>
>>
>> Maybe I am doing something terribly the wrong way here, I would be happy to
>> do so.
>>
>> I’d appreciate if someone’s got an idea or advice for me.
>>
>>
>>
>> Thanks in advance,
>>
>>
>>
>> Paul-Robert Kaestner
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> jetty-dev mailing list
>> [hidden email]
>> https://dev.eclipse.org/mailman/listinfo/jetty-dev
>>
_______________________________________________
jetty-dev mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-dev