A CallbackHandler is responsible for communication between the end-user of an application and the that is performing authentication of that user on behalf of the instantiated by the application. When an application needs to authenticate a user, it creates a LoginContext and specifies a CallbackHandler object for that context. The underlying LoginModule uses the CallbackHandler to communicate with the end user—for example prompting them to enter a name and password.

The LoginModule passes an array of objects that implement the Callback interface to the handle( ) method of CallbackHandler. The handle( ) method must determine the type of Callback object, and display the information and/or prompt for the input it represents. Different Callback classes have different purposes and must be handled differently. NameCallback and PasswordCallback are two of the most commonly used: they represent requests for the user’s name and password. TextOutputCallback is also common: it represents a request to display a message (such as “Authentication Failed”) to the user. See the descriptions of the individual Callback classes for information on how a CallbackHandler should handle them. CallbackHandler implementations are not required to support every type of Callback and my throw an UnsupportedCallbackException if passed a Callback object of a type they do not recognize or do not support.

The handle( ...

Get Java in a Nutshell, 5th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.