This is called when authentication is needed for a protected
web resource. It looks for the authentication data in the subject.
If the data is not found then login is invoked on the login context.
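// Supplies credentials for an authentication challenge. The user name and
// password are read from the Subject of the current ClientSecurityContext; if
// either is missing, the client login is run once and they are read again.
// Returns null when the login fails or still yields no usable credentials.
final String scheme = getRequestingScheme();
if (_logger.isLoggable(Level.FINE)) {
    _logger.fine("scheme=" + scheme);
    _logger.fine("requesting prompt=" + getRequestingPrompt());
    _logger.fine("requesting protocol=" + getRequestingProtocol());
}

ClientSecurityContext cont = ClientSecurityContext.getCurrent();
Subject subject = (cont != null) ? cont.getSubject() : null;
String user = getUserName(subject);
String password = getPassword(subject);

if (user == null || password == null) {
    try {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("Initiating login again...");
        }
        LoginContextDriver.doClientLogin(AppContainer.USERNAME_PASSWORD,
                AppContainer.getCallbackHandler());
        cont = ClientSecurityContext.getCurrent();
        // Same null guard as the first lookup: a missing context is treated as
        // "no credentials" instead of surfacing as a NullPointerException.
        subject = (cont != null) ? cont.getSubject() : null;
        user = getUserName(subject);
        password = getPassword(subject);
    } catch (Exception e) {
        _logger.log(Level.FINE, "Exception " + e.toString(), e);
        return null;
    }
}

// The login can complete without leaving a user name or password in the
// subject. The original code dereferenced password unconditionally here, which
// throws NullPointerException outside the try block; report "no credentials"
// the same way the failed-login path does.
// NOTE(review): a null user with a non-null password is also rejected here;
// confirm no caller relies on a PasswordAuthentication with a null user name.
if (user == null || password == null) {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("No username/password available after login");
    }
    return null;
}

if (_logger.isLoggable(Level.FINE)) {
    // Only the user name is logged; the password must never be written to the log.
    _logger.fine("Username:" + user);
}
return new PasswordAuthentication(user, password.toCharArray());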