CallbackHandler for custom logon module

Similar Messages

• Custom logon module not called by the portal

  Hi, all.
  I need some help urgently on this new portal requirement. There are some sensitive ESS/MSS iviews that we need to give the users an additional logon challenge. The normal ESS/MSS iviews will be using SSO. This one will still use SSO, but have to pass the userid/password challenge.
  We have decided to use the authentication scheme. Also, the "form" logon stack has been modified with only one logon module, which is our customized one. To create the java project, jar and library, we are following the link: http://help.sap.com/saphelp_nw04s/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/frameset.htm
  Here's the extract of our authscheme.xml:
          <authscheme name="certlogon">
              <authentication-template>
                  client_cert
              </authentication-template>
              <priority>21</priority>
              <frontendtype>2</frontendtype>
              <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
          </authscheme>
          <authscheme name="coo_secure">
              <authentication-template>
                  form
              </authentication-template>
              <priority>40</priority>
              <frontendtype>2</frontendtype>
              <frontendtarget>com.sap.portal.runtime.logon.basicauthentication</frontendtarget>
          </authscheme>
          <authscheme name="basicauthentication">
              <authentication-template>
                  ticket
              </authentication-template>
              <priority>20</priority>
              <frontendtype>2</frontendtype>
              <frontendtarget>com.sap.portal.runtime.logon.basicauthentication</frontendtarget>
          </authscheme>
  The authscheme is called coo_secure. When a user clicks on the iviews with the coo_secure authscheme, a userid/pwd prompt pops up. But it does not accept whatever I type in. From the defaulttrace, I do not see any hint that our customized logon module was ever called.
  Is there anyway to turn on portal tracing to see what is going on?
  Thanks,
  Jonathan.

  Hi Jonathan,
  Did you solved the problem with the custom logon module?
  We have a very similar scenario. I followed below help site to implement a custom logon module for particular iviews.
  http://help.sap.com/saphelp_nw70/helpdata/EN/54/f91fba71ae48309e4267b4a36fa47b/frameset.htm
  and also the documentation:
  SAP Netweaver Developers Guide - Integrating Security Functions
  But I am not able to get my own custom login module with the custom authscheme running.
  If I access my specific IViews that requires additional custom authentication I get the portal login page again. After giving login data I get the error message:
  Java iView Runtime
  An exception occured while processing your request.
  If this situation persists, please contact your system administrator.
  If you solved your problem, can you please share the solution with me?
  Thanks,
  Regards,
  Yasar

• How to call a Bapi or RFC from a custom logon module

  Can you provide an example of how to call a bapi or rfc from a custom logon module? (used to authenticate in portal)

  Hello all,
  Is it possible to use SAP JRA instead?
  We have a Connector deployed on the WebAS 6.40. From an EJB (Webservice) it is possible to lookup the connector, but if i try to lookup the connector from a custom LoginModule, i get the following error:
  Path to object does not exist at java:comp, the whole lookup name is java:comp/env/eis/SAPJRA_CRMDC.#
  The whole lookup in LoginModule looks
  try
                 initialcontext    = new InitialContext();
                 connectionFactory = (ConnectionFactory) initialcontext.lookup("java:comp/env/eis/SAPJRA_CRM");
            } catch (Exception ex)
                 location.errorT(ex.getMessage());
  Regards Oliver

• Configuration steps for customer service module

  Hi All,
  I am SD consultant added with new resposiblilities of CS. My Client is a service industries. I need to learn basic process and configuration step for CS regarding service order creation, planning, costing and settlement.
  Wainting for positive reply,
  Thanks & regards,
  Sudhir

  Hi,
  Please read the PLM material with series
  PLM301,
  PLM305
  PLM310
  These three books will give details completely on CS module
  regards,
  santosh

• Custom Logon module

  We currently have a custom login named BVtoEPLoginProject.  I am trying to modify the java and it is asking for the following:
  import com.sap.engine.interfaces.security.auth.AbstractLoginModule;
  import com.sap.engine.lib.security.LoginExceptionDetails;
  import com.sap.engine.lib.security.Principal;
  import com.sap.engine.lib.security.http.HttpGetterCallback;
  Where are these located?  I just need to it modify the code in SAP developer studio and the project won't compile correctly.

  Hi Dena,
  You need to add the security_api and util libs to Java Build Path . Follow the instruction from :
  http://help.sap.com/saphelp_nw04/helpdata/en/9c/52b140f4eeff5fe10000000a155106/content.htm
  If you don't have J2EE engine on your NWDS, then get these two libs from any of J2EE servers in your landscape.
  Regards,
  Mike

• ADFBC Where to define labels for custom Application Module method arguments

  I was wondering if there was a "good place" to define these labels in ADF Business Components. I can just change them for the UI for my current project, but I thinking there might be a better way.
  Thanks,
  Brian

  Hi,
  I think you can't in BC, but you can in ADF. If you drag a method onto the client then it creates a method binding with argument itemes below. In addition, look in the executable section, it creates variables for each. This is where you can define labels so that they can be translated
  Frank

• How to Convert EAR to SDA & Deploy it to PI 7.1 for Custom Adapter Module

  Hi all,
  I need to convert an EAR file created using NWDS 7.1 to SDA file and deploy it to PI 7.1
  How can i do so.
  Please help if possible! Thanks!
  Mayank

  hi Mayank,
  I quote from help.sap
  "●      Use the SAP NetWeaver Developer Studio and the SDM in the following cases:
  ○       If the source files of the application are available, you can import them into the relevant project types in the SAP NetWeaver Developer Studio and then build the archive files. This scenario enables you to change the code of the application if necessary, as well as to build an application archive, which can be deployed using the SDM.
  This graphic is explained in the accompanying text
  You can convert the application using the Converter Tool to see what information you should include in the additional deployment descriptors. Then you can edit the generated descriptors in the SAP NetWeaver Developer Studio.
  ○       If your applicationu2019s EAR file contains the descriptors required to deploy it with the SDM (sda-dd.xml), you can use the SDM to deploy it on the J2EE Engine 7.0. The EAR is automatically converted at deployment time.
  This graphic is explained in the accompanying text
  When the application is converted using the SDM, the newly generated descriptors are used during deployment only and are not stored in the file system. You cannot reuse the converted application later. Therefore, we recommend that you convert the application using the Converter Tool first, and then deploy it using the SDM.
  ●      Using the Deploy Tool is more convenient in the following cases:
  ○       If only the EAR of the application is available and it does not contain the sda-dd.xml, use the Deploy Tool to convert and deploy the application on the J2EE Engine. Note that once the application EAR has been converted, it is no longer compatible with 6.20.
  http://help.sap.com/saphelp_nw04s/helpdata/EN/2c/dd813e77d46245e10000000a114084/content.htm
  Regards
  joel

• Why custom logon error messages doesn't work in WAS 7.0, EP 7.0?

  I managed to get custom error messages in WAS 6.40 / EP 6.0.
  I'm using JAAS custom Login module for user authentication and from there different Login Exceptions are thrown.
  I have modified logon.par file to display different error messages like "Logon ID is empty", "Password is empty", "Your user ID or password could not be validated.  Please check and try again."
  When i copy the same code into my working environment i.e WAS 7.0 / EP 7.0, it doesn't work, message always was "User Authentication Failed". Do anyone knows the reason why i was like that?
  Can you please explain exactly when the custom login module gets executed after the user clicks on "Logon" Button.
  In logon.par file i have not seen any code to execute JAAS - custom logon module. PLease explain exact execution flow ..
  Thanks in advance ..
  MMK

  Your card reader might be finicky like mine. Figure out which device your card reader is at (from what I'm reading probably sdb), then attempt to mount /dev/sdb to any location. If your card reader is like mine, this mount will fail but you'll find you now magically have /dev/sdb1, /dev/sdb2, etc devices, which will successfully mount... oddness, but it "just works" so I'm happy
  Note that if you plug a card into a slot that is to the kernel, for example, /dev/sda2, then try to mount /dev/sda1, this will (obviously) fail, so be sure to try mounting all the devices that magically appear (if any do).
  -dav7

• New JAAS Logon Module that calls RFC

  I want to build a new logon module that extends AbstractLoginModule.
  I want to call an RFC in ECC using JCA in this logon module. The purpose of this RFC call is to read the users roles in the backend, if they have a certain role I will dynamically assign them a portal group using the UME API.
  which method in the Logon Module (AbstractLoginModule) should I make the call to the RFC?  (initialize(), login(), commit(), etc.)
  Does anybody have any examples of how to make the RFC call from a custom logon module using JCA?

  Hi K,
  I tend to put the bulk of the logic for my login modules in the login() method - although usually this is for checking authentication rather than assigning roles/groups.
  Have you thought about using UME type ABAP to map ECC roles to Portal Groups? If you then need to write a login module to handle, say, LDAP authentication, then at least it is doing what it should be - i.e. authentication, and the heavy-lifting to do with JCA, roles, etc is handled by SAP-standard code.
  For sample JCA code, there is some in the [Universal Worklist Wiki|https://wiki.sdn.sap.com/wiki/display/BPX/DeveloperStudioProject+Files] - just download and extract the Devlopment Component there (don't forget to remove the .gif extension - a hack I used to get a Zip file into the Wiki).  The file SapRfc.java gives you a user-friendly way of calling RFCs using JCA. To see it in use, see AbsenceApproval.java - the method getWorkitemDescription() is a good example to look at.
  The only downside of the SapRfc.java library is that the constructor takes a IPortalComponentRequest object as an argument (allowing you to use a Portal System Alias), and you don't really have access to one of those in a JAAS module. You will have to modify this code to take a set of ConnectionProperties instead (see the documentation [Using the SAP System Connector|http://help.sap.com/saphelp_nw04/helpdata/en/89/8a185c148e4f6582560a8d809210b4/frameset.htm]).
  Really, the component you want to develop might be better deployed as a Portal component. Your users would access this component first of all, and when it completes it would forward them on to the Portal proper.
  Hope this helps,
  Darren

• Custom JAAS Module - How to use in certification test?

  Hello,
  I just read the document about certification for custom JAAS modules ("BC-AUTH-SAML Test Plan"). What I don't understand is how our custom login module can get the custom information it needs (like a certain request parameter).
  First, what we would like to do is to create a JAAS module which examines proprietary login tickets created by our reverse proxy / authentication server. The example code shows how to retrieve HTTP parameter and headers using the callback methods, so that part is all fine and clear to me.
  But for the certification test, the description says that in order to execute the test, the browser must be opened with a certain URL (Test 1, GET w/o password change). That action alone must lead to a valid authentication. However, in your real-world setup, the reverse proxy - sitting between the browser client and the SAP system - would insert a custom HTTP header with the login ticket. Obviously, in the test setup as dictated by the certification document, we don't have our reverse proxy, so my question basically is:
  How can I add custom HTTP headers or parameters while running the certification test?

  I'd gladly send you something by mail. Two other details first:
  - My name is actually not Remo, but Marcel Schoen. I'm just using a company account for this forum. My address is marcel.schoen<at>united-security-providers.ch
  - I'm swiss. Do you speak german? Your name sounds german. Falls ja koennen wir das auch auf Deutsch weiter besprechen.
  In short, our product is a Web Application Firewall; a reverse proxy for protecting and integrating web applications. Some of the functionality also allows to implement single-sign-on over existing legacy applications with different user bases. And now we're looking into ways to integrate SAP application servers as well (right now, the JAAS module and SAML are the two most likely approaches).

• Custom logon's PAR w/config branding image and branding text.....

  Hi all,
  I have changed the configuration of  the logon's branding-image and branding-text through their properties on the config tool. With the standard logon all works fine, but I have customized the logon's PAR and I Have changed the authscheme.xml, and now, the images that i have changed don't appear  on the screen. I just want to know if there is a way to fix this changing only the properties on the config tool (as the stadard does) or as i have changed the standard logon's PAR to a Custom logon's PAR, I must manage this images within this new custom logon's PAR?. Please help, thanks for watching
  Regards,
  MC

  Images were missing on the relevant path (server filesystem) for custom logon's PAR. That´s all
  Regards
  MC

• Custom Functuion Module

  hI ALL,
  i had an requirement to create a custom idoc for catsdb table with 4 fields
            1. pernr
            2. workdate
            3. lstar ......         
  and to transfer it from one application server to another.i had created in n transfered it to another application server. now my problem is in receiver side the data in idoc is posted into database of catsdb.
  can any one give the code for Custom function module at receiver side  so that when idoc is received [from sender] it must updated to databse tables via this FM.
  its very urgent . help me ..............
  with regards,
  Suresh Aluri.

  not answered

• New JAAS Logon Module that calls RFC: Urgent

  I want to build a new logon module that extends AbstractLoginModule.
  I want to call an RFC in ECC using JCA in this logon module. The purpose of this RFC call is to read the users roles in the backend, if they have a certain role I will dynamically assign them a portal group using the UME API.
  which method in the Logon Module (AbstractLoginModule) should I make the call to the RFC? (initialize(), login(), commit(), etc.)
  Does anybody have any examples of how to make the RFC call from a custom logon module using JCA?
  Edited by: K Ferguson on Nov 3, 2008 5:39 PM

  [link at...|http://help.sap.com/saphelp_nw2004s/helpdata/en/17/d609b48ea5f748b47c0f32be265935/content.htm]

• How to unconfigure a Custom Authentication Module for Convergence

  After flailing with the incomplete instructions for [Writing a Custom Authentication Module for Convergence|http://wikis.sun.com/display/CommSuite/Writing+a+Custom+Authentication+Module+for+Convergence]
  , I decided to try to revert back to the default.
  How do you remove the module and go back to the default? I tried to unset the options, but they did not seem to take effect.
  sudo /opt/sun/comms/iwc/sbin/iwcadmin -w xxxxx -o auth.custom.servicename -v ""
  sudo /opt/sun/comms/iwc/sbin/iwcadmin -w xxxxx -o auth.custom.callbackhandler -v ""
  sudo /opt/sun/comms/iwc/sbin/iwcadmin -w xxxxx -o auth.custom.loginimpl -v ""
  sudo /opt/SUNWappserver/bin/asadmin stop-appserv
  sudo /opt/SUNWappserver/bin/asadmin start-appserv
  AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter  Thread httpSSLWorkerThread-80-1 at 14:45:25,951 - SSO is disabled
  AUTH: WARN from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent  Thread httpSSLWorkerThread-80-1 at 14:45:25,953 - Subject not found in session, creating one
  AUTH: ERROR from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent  Thread httpSSLWorkerThread-80-1 at 14:45:25,954 - Unabled to load the class due to 
  AUTH: ERROR from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent  Thread httpSSLWorkerThread-80-1 at 14:45:25,956 - Unable to instantiate callback handler 
  AUTH: ERROR from com.sun.comms.client.protocol.delegate.LoginCommandDelegate  Thread httpSSLWorkerThread-80-1 at 14:45:25,957 - Failed to Login the user: Unable to instantiate callback handler 
  PROTOCOL: ERROR from com.sun.comms.client.protocol.delegate.LoginCommandDelegate  Thread httpSSLWorkerThread-80-1 at 14:45:25,960 - Protocol Error while login : Unknown Reason

  jessethompson wrote:
  After flailing with the incomplete instructions for [Writing a Custom Authentication Module for Convergence|http://wikis.sun.com/display/CommSuite/Writing+a+Custom+Authentication+Module+for+Convergence]
  , I decided to try to revert back to the default.
  How do you remove the module and go back to the default? I tried to unset the options, but they did not seem to take effect.After enabling the custom login module using the steps in the earlier thread (http://forums.sun.com/thread.jspa?threadID=5318615), I performed the following steps to disable the custom module and re-enable the ldap auth module:
  # Disable custom auth-module
  cd /opt/sun/comms/iwc/sbin
  ./iwcadmin -w <admin password> -o auth.custom.servicename -v ""
  ./iwcadmin -w <admin password> -o auth.custom.loginimpl -v ""
  ./iwcadmin -w <admin password> -o auth.custom.callbackhandler -v ""
  ./iwcadmin -w <admin password> -o auth.misc.CredentialFile -v ""# Re-enable the LDAP auth-module
  cd /opt/sun/comms/iwc/sbin
  ./iwcadmin -w <admin password> -o auth.ldap.callbackhandler  -v com.sun.comms.client.security.auth.AppCallbackHandler
  ./iwcadmin -w <admin password> -o auth.ldap.loginimpl -v com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule# Restarte App Server
  cd /opt/SUNWappserver/bin/
  ./asadmin stop-domain; ./asadmin start-domain# Login to iwc interface as user shjorth with password oldpwd
  # Login successful with oldpwd -- custom auth module successfully disabled, LDAP re-enabled
  Regards,
  Shane.

• Custom login module for EP7.4 with Captcha

  Hi
  I am trying to create a custom login module which validates the captcha shown at the login screen using SAP help link:
  http://help.sap.com/saphelp_nw73/helpdata/en/48/ff4faf222b3697e10000000a42189b/content.htm?frameset=/en/48/fcea4f62944e88e10000000a421937/frameset.htm&current_toc=/en/74/8ff534d56846e2abc61fe5612927bf/plain.htm&node_id=20
  The session is being set in the Captcha servlet which is used to render the image on the login page.
  However when I am trying to compare it with input or print the session value, its throwing an exception.
  I checked in the NWA logs and it just shows the following error message:
  6. com.temp.loginModule.MyLoginModuleClass OPTIONAL ok exception true Authentication did not succeed.
  Please help me analyse the error stack. Can someone point where do i check the detailed logs to trace the issue?
  Please find below source of my login module.
  package com.temp.loginModule;
  import java.io.IOException;
  import java.util.Map;
  import javax.security.auth.login.LoginException;
  import javax.security.auth.Subject;
  import javax.security.auth.callback.CallbackHandler;
  import javax.security.auth.callback.Callback;
  import javax.security.auth.callback.NameCallback;
  import javax.security.auth.callback.UnsupportedCallbackException;
  import nl.captcha.Captcha;
  import com.sap.engine.interfaces.security.auth.AbstractLoginModule;
  import com.sap.engine.lib.security.http.HttpGetterCallback;
  import com.sap.engine.lib.security.http.HttpCallback;
  import com.sap.engine.lib.security.LoginExceptionDetails;
  import com.sap.engine.lib.security.Principal;
  public class MyLoginModuleClass extends AbstractLoginModule{
    private CallbackHandler callbackHandler = null;
    private Subject subject = null;
    private Map sharedState = null;
    private Map options = null;
    // This is the name of the user you have created on
    // the AS Java so you can test the login module
    private String userName = null;
    private boolean successful;
    private boolean nameSet;
    public void initialize(Subject subject, CallbackHandler callbackHandler,
    Map sharedState, Map options) {
    // This is the only required step for the method
    super.initialize(subject, callbackHandler, sharedState, options);
    // Initializing the values of the variables
    this.callbackHandler = callbackHandler;
    this.subject = subject;
    this.sharedState = sharedState;
    this.options = options;
    this.successful = false;
    this.nameSet = false;
    * Retrieves the user credentials and checks them. This is
    * the first part of the authentication process.
    public boolean login() throws LoginException {
  // HttpGetterCallback httpGetterCallback = new HttpGetterCallback(); 
  //       httpGetterCallback.setType(HttpCallback.REQUEST_PARAMETER); 
  //       httpGetterCallback.setName("captchaInput"); 
         String value = null; 
  //       try { 
  //       callbackHandler.handle(new Callback[] { httpGetterCallback }); 
  //           String[] arrayRequestparam = (String[]) httpGetterCallback.getValue(); 
  //           if(arrayRequestparam!=null && arrayRequestparam.length>0)
  //           value = arrayRequestparam[0]; 
  //       } catch (UnsupportedCallbackException e) { 
  //       throwNewLoginException("An error occurred while trying to validate credentials."); 
  //       } catch (IOException e) { 
  //            throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION); 
    value = getRequestValue("captchaInput");
    userName = getRequestValue("j_username");
    HttpGetterCallback httpGetterCallbackSessionCaptcha = new HttpGetterCallback(); 
    httpGetterCallbackSessionCaptcha.setType(HttpCallback.SESSION_ATTRIBUTE); 
    httpGetterCallbackSessionCaptcha.setName("myCaptchaLogin"); 
    try { 
    callbackHandler.handle(new Callback[] { httpGetterCallbackSessionCaptcha }); 
    Captcha arraySessionParam = (Captcha) httpGetterCallbackSessionCaptcha.getValue();
  // System.out.println("****************************************************httpGetterCallbackSessionCaptcha" + (arraySessionParam==null?"null session":arraySessionParam.getAnswer())+
  // "\n captchaInput" + value+"*********************");
    if(arraySessionParam==null || !arraySessionParam.isCorrect(value)){
    throwNewLoginException("Entered code does not match with the image code.Session:"+(arraySessionParam==null?"null":arraySessionParam.getAnswer())+" Param:"+ value);
  // throwUserLoginException(new Exception("Entered code does not match with the image code."));
    httpGetterCallbackSessionCaptcha.setValue(null);
    } catch (UnsupportedCallbackException e) { 
    throwNewLoginException("An error occurred while trying to validate credentials."); 
    } catch (IOException e) { 
    throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION); 
    // Retrieve the user credentials via the callback
    // handler.
    // In this case we get the user name from the HTTP
    // NameCallback.
  // NameCallback nameCallback = new NameCallback("User name: ");
    /* The type and the name specify which part of the HTTP request
    * should be retrieved. For Web container authentication, the
    * supported types are defined in the interface
    * com.sap.engine.lib.security.http.HttpCallback.
    * For programmatical authentication with custom callback
    * handler the supported types depend on the used callback handler.
  // try {
  // callbackHandler.handle(new Callback[] {nameCallback});
  // catch (UnsupportedCallbackException e) {
  // return false;
  // catch (IOException e) {
  // throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);
  // userName = nameCallback.getName();
  // if( userName == null || userName.length() == 0 ) {
  // return false;  
    /* When you know the user name, update the user information
    * using data from the persistence. The operation must
    * be done before the user credentials checks. This method also
    * checks the user name so that if a user with that name does not
    * exist in the active user store, a
    * java.lang.SecurityException is thrown.
  // try {
  // refreshUserInfo(userName);
  // } catch (SecurityException e) {
  // throwUserLoginException(e);
    /* Checks if the given user name starts with the specified
    * prefix in the login module options. If no prefix is specified,
    * then all users are trusted.
  // String prefix = (String) options.get("user_name_prefix");
  // if ((prefix != null) && !userName.startsWith(prefix)) {
  // throwNewLoginException("The user is not trusted.");
    /* This is done if the authentication of the login module is    
    * successful.
    * Only one and exactly one login module from the stack must put
    * the user name in the shared state. This user name represents
    * the authenticated user.
    * For example if the login attempt is successful, method
    * getRemoteUser() of
    * the HTTP request will retrieve exactly this name.
    if (sharedState.get(AbstractLoginModule.NAME) == null) {
    sharedState.put(AbstractLoginModule.NAME, userName);
    nameSet = true;
    successful = true;
    return true;
    * Commit the login. This is the second part of the authentication
    * process.
    * If a user name has been stored by the login() method,
    * the user name is added to the subject as a new principal.
    public boolean commit() throws LoginException {
    if (successful) {
    /* The principals that are added to the subject should
    * implement java.security.Principal.You can use the class
    * com.sap.engine.lib.security.Principal for this purpose.
    Principal principal = new Principal(userName);
    subject.getPrincipals().add(principal);
    /* If the login is successful, then the principal corresponding
    * to the <userName> (the same user name that has been added
    * to the subject) must be added in the shared state too.
    * This principal is considered to be the main principal
    * representing the user.
    * For example, this principal will be retrieved from method
    * getUserPrincipal() of the HTTP request.
    if (nameSet) {
    sharedState.put(AbstractLoginModule.PRINCIPAL, principal);
    } else {
    userName = null;
    return true;
    * Abort the authentication process.
    public boolean abort() throws LoginException {
    if (successful) {
    userName = null;
    successful = false;
    return true;
    * Log out the user. Also removes the principals and
    * destroys or removes the credentials that were associated 
    * with the user during the commit phase.
    public boolean logout() throws LoginException {
    // Remove principals and credentials from subject
    if (successful) {
    subject.getPrincipals(Principal.class).clear();
    successful = false;
    return true;
    private String getRequestValue(String parameterName) 
       throws LoginException { 
         HttpGetterCallback httpGetterCallback = new HttpGetterCallback(); 
         httpGetterCallback.setType(HttpCallback.REQUEST_PARAMETER); 
         httpGetterCallback.setName(parameterName); 
         String value = null; 
         try { 
        callbackHandler.handle(new Callback[] { httpGetterCallback }); 
             String[] arrayRequestparam = (String[]) httpGetterCallback.getValue(); 
             value = arrayRequestparam[0]; 
         } catch (UnsupportedCallbackException e) { 
              return null; 
         } catch (IOException e) { 
              throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION); 
         return value; 
  Regards
  Ramanender Singh

  Ramanender,
  JAAS modules usually requires a restart whenever you need to change them. So be very careful with what you expect once you re-deploy your code.
  Once the library is loaded it will never reload itself until you perform a restart of the VM. 
  Connect to the debug port may help, but basic debugging will not take you too far either.
  I would recommend you to use the log tracing facility on your code. Just enter the following class attribute:
  import com.sap.tc.logging.Location;
  private static final Location trace = Location.getLocation(<your_classname_here>.class);
  trace.warningT("Some Warning Text Here..." + variable here);
  trace.debugT("Some Warning Text Here..." + variable here);
  You may need to go NWA and set the Location Severity Level to Debug according to your needs.
  Leave the trace code on your module for IT personnel to debug it if necessary. Don't forget to have the severity level of your code properly set.
  Meaning: You don't want to have every trace message your module sills out with warningT() or infoT().
  There is a excellent blog here on how this works
  Then you will be able to inspect some variable contents while the callbackhandler is being executed.
  Pay special attention with the timing - variables have a lifetime when dealing with login modules.
  Use the entering(<method_name>) and exiting(<method_name> just ot make sure where in the code the variable should be populated and when.
  BR,
  Ivan