An application implements a CallbackHandler and passes
it to underlying security services so that they may interact with
the application to retrieve specific authentication data,
such as usernames and passwords, or to display certain information,
such as error and warning messages.
CallbackHandlers are implemented in an application-dependent fashion.
For example, implementations for an application with a graphical user
interface (GUI) may pop up windows to prompt for requested information
or to display error messages. An implementation may also choose to obtain
requested information from an alternate source without asking the end user.
Underlying security services make requests for different types
of information by passing individual Callbacks to the
CallbackHandler . The CallbackHandler
implementation decides how to retrieve and display information
depending on the Callbacks passed to it. For example,
if the underlying service needs a username and password to
authenticate a user, it uses a NameCallback and
PasswordCallback . The CallbackHandler
can then choose to prompt for a username and password serially,
or to prompt for both in a single window.
A default CallbackHandler class implementation
may be specified in the auth.login.defaultCallbackHandler
security property. The security property can be set
in the Java security properties file located in the file named
<JAVA_HOME>/lib/security/java.security.
<JAVA_HOME> refers to the value of the java.home system property,
and specifies the directory where the JRE is installed.
If the security property is set to the fully qualified name of a
CallbackHandler implementation class,
then a LoginContext will load the specified
CallbackHandler and pass it to the underlying LoginModules.
The LoginContext only loads the default handler
if it was not provided one.
All default handler implementations must provide a public
zero-argument constructor. |