Description
Some JAAS implementations (e.g., org.eclipse.jetty's jetty-plus) do not use the standard password callback class, javax.security.auth.callback.PasswordCallback but instead uses its own callback method.
As the current implemenation of org.apache.cxf.interceptor.security.NamePasswordCallback assumes this standard pasword callback class when setting the password, it fails to set the password correctly in this case, and subsequently failing to authenticate.
One can write a custom JAASLoginInterceptor to overwrite the behavior of the NamePasswordCallback class. However, some may feel uncomfortable with this approach.
This patch adds some reflection based code in NamePasswordCallback so that non-standard password callback classes can be handled appropriately by this class, thereby eliminating the need for a custom JAASLoginInterceptor in most cases.