Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Two authenticators in default realm

0 views
Skip to first unread message

Marcin Stanski

unread,
Nov 25, 2003, 4:12:11 AM11/25/03
to

Hi,

I wrote my own custom authenticator and I want to use JAAS with it.
As far as I know, only default realm can be used with JAAS. So I added my authenticator
in addition to the default authenticator in myrealm and I set control flags to
SUFFICIENT in both authenticators.

I expect the authentication to succeed if any of those authenticators succeed.
During authentication I get error

javax.security.auth.login.FailedLoginException: Authenticaiton Failed: User XXX
denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImple.java:194)

It's ok, because the default LDAP doesn't have XXX user. But the problem is that
WL doesn't appear to run my authenticator at all (I put debug notes to check this).

What can be the problem ? Maybe I miss something?

Thanks in advance

Peter

unread,
Nov 25, 2003, 9:02:33 AM11/25/03
to

"Marcin Stanski" <marcin....@pentacomp.pl> wrote in message
news:3fc32afb$1...@newsgroups.bea.com...

Sufficient should work. Double check that both are marked as sufficient,
your provider
is defined in the default realm, and turn on debug - set the
DebugSecurityAtn="true" attribute
of the ServerDebug MBean. Then check out the log and see if the debug helps.


> Thanks in advance
>


Marcin Stanski

unread,
Nov 27, 2003, 6:00:06 AM11/27/03
to

Thanks for help, but I still have a problem with that.
I suspect that my problem may be connected with the way I invoke the authentication.
Previously I had a problem with invalid subject, so I changed:

lc = new LoginContext(...);
lc.login();
subject = lc.getSubject();

to

subject = weblogic.security.services.Authentication.login("myrealm",new MyCallbackHandler(...));

Is it correct ?

Thanks
Marcin Stanski

Peter

unread,
Nov 30, 2003, 11:23:53 AM11/30/03
to

"Marcin Stanski" <marcin....@pentacomp.pl> wrote in message
news:3fc5e746$1...@newsgroups.bea.com...

>
> Thanks for help, but I still have a problem with that.
> I suspect that my problem may be connected with the way I invoke the
authentication.
> Previously I had a problem with invalid subject, so I changed:
>
> lc = new LoginContext(...);
> lc.login();
> subject = lc.getSubject();
>
> to
>
> subject = weblogic.security.services.Authentication.login("myrealm",new
MyCallbackHandler(...));
>
> Is it correct ?
>

Yes. The use of the Authentication class is needed to ensure that the
principals in the subject are
signed.

What is the problem you are still having?


Marcin Stanski

unread,
Dec 3, 2003, 4:06:29 AM12/3/03
to

I had some problems with this at the beginning, but now everything works great.

Thanks for help
Marcin

0 new messages