
Custom Policy Setting, Jboss, EAR deployment issue

Beejal Vibhakar
Posts: 1
Hello Group,

I am a novice to JAAS and need some help with the following issue. Any help in this matter would be highly appreciated.

Problem Description

I have created a Custom Policy class which extends for doing customized Authorisation. I override the Default JVM Policy (PolicyFile) with my Custom Policy on JVM in programmatic manner as follows:

My Custom Policy is packaged inside a JAR file (customAuthorisation.jar). I have 2 web applications which need the same Custom Policy for Authorisation. The corresponding war files for both the web applications are bundled inside an EAR file. Since both the web applications make use of customAuthorisation.jar, I have marked our customAuthorisation.jar as Common JAR file according to EAR packaging format.

My "java.policy" file contains only following entry:

I deploy the EAR in Jboss-4.0.5.GA.

Now when I execute the web application, I see my Custom Policy not getting executed even though it's set to JVM properly. I tried to dig more & found that, since customAuthorisation.jar is Packaged as Common JAR, it's also honored with AllPermission. Due to which the equivalent ProtectionDomain's (for classes in customAuthorisation.jar) "hasAllPerm" member variable is set to TRUE. Following is the code of implies method of ProtectionDomain class which clearly indicates that if "hasAllPerm" is set to TRUE then DO NOT EXECUTE THE JVM POLICY & SILENTLY RETURN BACK.

Now I do understand the problem but don't know what's the right solution to this problem. I tried a few alternatives in "java.policy" but it didn't work:
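
An added example, not part of the original post and not JBoss or JDK source: it reproduces the short-circuit described above, where a ProtectionDomain whose static permissions include AllPermission answers `implies()` without consulting the installed Policy, and adds a check for spotting such domains. `CountingPolicy`, `domainWith` and `bypassesPolicy` are hypothetical names; the code assumes a JDK on which `Policy.setPolicy` is still supported and that no SecurityManager is installed.

```java
import java.security.*;

// Added example; all class and method names below are hypothetical.
public class AllPermBypassDemo {

    // Stand-in for a custom authorisation Policy: counts how often it is consulted.
    static class CountingPolicy extends Policy {
        int calls = 0;
        @Override public boolean implies(ProtectionDomain domain, Permission permission) {
            calls++;
            return false; // deny all, so a "true" answer cannot come from this policy
        }
        @Override public PermissionCollection getPermissions(CodeSource cs) {
            return new Permissions();
        }
        @Override public void refresh() { }
    }

    // Domain built with the 4-argument constructor, so the installed Policy is normally consulted.
    static ProtectionDomain domainWith(Permission... granted) {
        Permissions perms = new Permissions();
        for (Permission p : granted) perms.add(p);
        return new ProtectionDomain(null, perms, AllPermBypassDemo.class.getClassLoader(), null);
    }

    // Diagnostic: true when the domain's static permissions already contain AllPermission,
    // i.e. implies() will answer without asking the Policy.
    static boolean bypassesPolicy(ProtectionDomain pd) {
        PermissionCollection pc = pd.getPermissions();
        return pc != null && pc.implies(new AllPermission());
    }

    public static void main(String[] args) {
        CountingPolicy policy = new CountingPolicy();
        Policy.setPolicy(policy); // no SecurityManager installed, so no permission check here
        Permission probe = new RuntimePermission("constructed.probe"); // constructed sample

        ProtectionDomain common = domainWith(new AllPermission()); // like the common JAR's domain
        ProtectionDomain plain = domainWith();                     // no static grants

        boolean commonResult = common.implies(probe);
        int callsAfterCommon = policy.calls;
        boolean plainResult = plain.implies(probe);

        System.out.println("common: implies=" + commonResult + " policyCalls=" + callsAfterCommon
                + " bypassesPolicy=" + bypassesPolicy(common));
        System.out.println("plain:  implies=" + plainResult + " policyCalls="
                + (policy.calls - callsAfterCommon) + " bypassesPolicy=" + bypassesPolicy(plain));
    }
}
```

Calling `bypassesPolicy(SomeClass.class.getProtectionDomain())` on a class loaded from the JAR in question shows whether its domain was given AllPermission at class-load time.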
