| [jetty-dev] FormAuthenticator -->JAASLoginService --> DefaultCallbackHandler ->RequestParameterCallback |
Dear Developers, I came across a problem during porting a PoC from jetty 6.1.26 to Jetty 8.1.3. It is about some security stuff involving JAAS LoginModules and the DefaultCallbackHandler. I am actually simply trying to get the request parameters using the RequestParameterCallback as done in jetty 6.1.26, which worked perfectly there. Now in Jetty 8.1.3 this doesn’t seem so, because i seem not to get any request parameters. With some debugging, I figured out that the FormAuthenticator(BasicAuthenticator as well), which i use is calling the LoginService, only with username and password. The LoginService instantiates the given CallbackHandler, which in my case is the DefaultCallbackHandler. In that case this actually does not make much sense for the DefaultCallbackHandler, which has a Request as member and does instantiate the RequestParameterCallback. The Point is I need one additional request parameter for my LoginModule. Maybe I am doing something terribly the wrong way here, I would be happy to do so. I’d appreciate if someone’s got an idea or advice for me. Thanks in advance, Paul-Robert Kaestner |