Currently, JAASRealm depends on its own CallbackHandler implementation to work, which only supports NameCallback and PasswordCallback. This makes it impossible to work with, for example, Weblogic 7.0's UsernamePasswordLoginModule, which nees a Weblogic's own "UrlCallback" to know where to find the remote server to query for the login information. The patch moves the instantiation of the CallbackHandler object to a protected method, so that one is able to easily override the method and use any custom CallbackHandler by subclassing JAASRealm.
Created attachment 2216 [details] Patch to JAASRealm.java
Created attachment 2217 [details] Correct patch (previous was missing an import)
*** Bug 39524 has been marked as a duplicate of this bug. ***
The JAAS realm has been refactored in all current versions (5.5.x, 6.0.x and 7.0.x). There are three places where the CallbackHandler is created but they are easily over-ridden if required. There is little value in explicitly pulling out those calls into separate methods.