I was tracking down some issues that came up after we started using our own
UserDetails object in the principal of Authentication. This method in
JaasNameCallbackHandler seems to be calling the incorrect method. In
AbstractAuthenticationHandler, the methods called are
‘authentication.getPrincipal().getUsername()’, not ‘toString()’ like it appears
below. Is there any reason for this? The problem we are facing is that our JAAS
handler is trying to authenticate on the entire toString() output of our
UserDetails object, instead of just the username, at this point, when the Acegi
API/source seems to indicate that toString() is to be used for debug output.

    public void handle(Callback callback, Authentication authentication)
            throws IOException, UnsupportedCallbackException {
        if (callback instanceof NameCallback) {
            NameCallback ncb = (NameCallback) callback;
            ncb.setName(authentication.getPrincipal().toString());
        }
    }
- [Acegisecurity-developer] behavior of JaasNameCallbackHandler Tim Kettering
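The difference the post describes, shown with the JDK's own NameCallback. This is an added example, not code from the post or from Acegi: the nested UserDetails interface is a one-method stand-in for the framework type, and AppUser, resolveName and the sample values are hypothetical names constructed for illustration.

```java
import javax.security.auth.callback.NameCallback;

public class PrincipalNameDemo {
    // Stand-in (assumption) for the framework's UserDetails, reduced to the one method used here.
    interface UserDetails { String getUsername(); }

    // Constructed custom principal whose toString() is debug output, as in the post.
    static final class AppUser implements UserDetails {
        private final String username;
        private final String department;
        AppUser(String username, String department) {
            this.username = username;
            this.department = department;
        }
        public String getUsername() { return username; }
        @Override public String toString() {
            return "AppUser[username=" + username + ", department=" + department + "]";
        }
    }

    // What the quoted handler passes to JAAS: the principal's full toString() output.
    static String nameViaToString(Object principal) {
        return principal.toString();
    }

    // Hypothetical alternative: use getUsername() for UserDetails principals and
    // fall back to toString() for anything else (for example a plain String).
    static String resolveName(Object principal) {
        if (principal instanceof UserDetails) {
            return ((UserDetails) principal).getUsername();
        }
        return principal.toString();
    }

    public static void main(String[] args) {
        Object custom = new AppUser("alice", "engineering"); // constructed sample
        Object plain = "alice";                              // constructed sample

        NameCallback viaToString = new NameCallback("username: ");
        viaToString.setName(nameViaToString(custom));
        NameCallback viaUsername = new NameCallback("username: ");
        viaUsername.setName(resolveName(custom));

        // The JAAS LoginModule only ever sees whatever was set on the callback.
        System.out.println("toString():     " + viaToString.getName());
        System.out.println("getUsername():  " + viaUsername.getName());
        System.out.println("String fallback: " + resolveName(plain));
    }
}
```

A LoginModule that looks the name up in a user store will fail to match the first value, and an authentication log that records the callback name would capture every field the principal's toString() exposes.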