import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.CredentialNotFoundException;
+import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.servlet.http.HttpServletRequest;
} catch (IOException e) {
throw new LoginException("Cannot handle http callback: "
+ e.getMessage());
+ } catch (ThreadDeath e) {
+ throw new ThreadDeathLoginException(
+ "Callbackhandler thread died", e);
} catch (UnsupportedCallbackException e) {
return false;
}
User user = userAdmin.getUser(null, username);
if (user == null)
- return false;
+ throw new FailedLoginException("Invalid credentials");
if (!user.hasCredential(null, password))
- return false;
+ throw new FailedLoginException("Invalid credentials");
+ // return false;
authorization = userAdmin.getAuthorization(user);
}
}
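Review bot: Catching `ThreadDeath` and rethrowing it as `ThreadDeathLoginException` leaves the stopped thread running unless some caller unwraps the cause and rethrows it, and no such caller is visible in these lines. The ThreadDeath documentation asks that a caught instance be rethrown. If the wrapping is only there so that the login fails closed, a comment such as `// fail the login; the caller must rethrow the ThreadDeath cause` should record that contract, otherwise the catch is better dropped. The leftover `// return false;` after the second `FailedLoginException` is dead commented-out code and can be deleted; it also invites someone to restore a return value that, by JAAS convention, means "ignore this module" rather than "reject the login". The enclosing method starts before this hunk, so the callback setup is not visible.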
public boolean commit() throws LoginException {
Authorization authorization = subject
.getPrivateCredentials(Authorization.class).iterator().next();
- if (request != null) {
+ if (request != null && authorization.getName() != null) {
request.setAttribute(HttpContext.REMOTE_USER,
authorization.getName());
request.setAttribute(HttpContext.AUTHORIZATION, authorization);
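Review bot: The widened guard `request != null && authorization.getName() != null` skips `HttpContext.AUTHORIZATION` as well as `HttpContext.REMOTE_USER`, so an authorization with a null name leaves the request with no authorization attribute at all. If only the null `REMOTE_USER` value was the problem, keep the outer `if (request != null)` and wrap just the first `setAttribute` call in `if (authorization.getName() != null)`. If skipping both is intended, a comment such as `// nameless authorization: leave the request unauthenticated` would make that explicit for whoever reads these attributes downstream. The `if` body and the return value of `commit()` lie past the end of this hunk, so whether the method still reports success in that case cannot be seen here.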