Bug 10335 - [RFE,patch] Make JAASRealm more flexible
Summary: [RFE,patch] Make JAASRealm more flexible
Status: RESOLVED WONTFIX
Alias: None
Product: Tomcat 4
Classification: Unclassified
Component: Catalina (show other bugs)
Version: Unknown
Hardware: Other other
: P3 enhancement (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-06-28 17:55 UTC by Marcelo Vanzin
Modified: 2010-12-14 17:34 UTC (History)
1 user (show)


Attachments
Patch to JAASRealm.java (1.66 KB, patch)
2002-06-28 17:56 UTC, Marcelo Vanzin 		Details | Diff
Correct patch (previous was missing an import) (2.02 KB, patch)
2002-06-28 21:54 UTC, Marcelo Vanzin 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcelo Vanzin 2002-06-28 17:55:35 UTC 
Currently, JAASRealm depends on its own CallbackHandler implementation to work,
which only supports NameCallback and PasswordCallback.

This makes it impossible to work with, for example, Weblogic 7.0's
UsernamePasswordLoginModule, which nees a Weblogic's own "UrlCallback" to know
where to find the remote server to query for the login information.

The patch moves the instantiation of the CallbackHandler object to a protected
method, so that one is able to easily override the method and use any custom
CallbackHandler by subclassing JAASRealm.
Comment 1 Marcelo Vanzin 2002-06-28 17:56:14 UTC 
Created attachment 2216 [details]
Patch to JAASRealm.java
Comment 2 Marcelo Vanzin 2002-06-28 21:54:47 UTC 
Created attachment 2217 [details]
Correct patch (previous was missing an import)
Comment 3 Trejkaz (pen name) 2006-05-09 05:25:34 UTC 
*** Bug 39524 has been marked as a duplicate of this bug. ***
Comment 4 Mark Thomas 2010-12-14 17:34:51 UTC 
The JAAS realm has been refactored in all current versions (5.5.x, 6.0.x and 7.0.x). There are three places where the CallbackHandler is created but they are easily over-ridden if required. There is little value in explicitly pulling out those calls into separate methods.