2 Replies Latest reply: Dec 9, 2010 11:34 AM by 820626 RSS

    Determining requestor's IP in custom authenticator (JAAS)

      In a 10.3 environment I have a custom authenticator that is using NameCallback and PasswordCallback to validate against the data stored in a DB. We are now required to record the IP address of the authentication requestor for failed logins but I've not had any luck reliably determining this information.

      Our authenticator is implementing javax.security.auth.spi.LoginModule so we can't modify the call to the authenticator.

      Initially I tried a ContextHandlerCallback to be passed to the CallbackHandler.handle call, but an exception is thrown if the connection is made via JMX-RMI. (javax.security.auth.callback.UnsupportedCallbackException: [Security:090175]Unrecognized Callback)

      Any thoughts or suggestions on how to resolve the IP address of the requestor in the LoginModule?