• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Custom Policy Setting, Jboss, EAR deployment issue

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Group,

I am novice to JAAS and need some help with following issue. Any help in this matter would be highly appreciated.

Problem Description

I have created a Custom Policy class which extends java.security.Policy for doing customized Authorisation. I override the Default JVM Policy (PolicyFile) with my Custom Policy on JVM in programmatic manner as follows:




My Custom Policy is packaged inside a JAR file (customAuthorisation.jar). I have 2 web applications which need the same Custom Policy for Authorisation. The corresponding war files for both the web applications are bundled inside an EAR file. Since both the web applications make use of customAuthorisation.jar, I have marked our customAuthorisation.jar as Common JAR file according to EAR packaging format.

My �java.policy� file contains only following entry:





I deploy the EAR in Jboss-4.0.5.GA.

Now when I execute the web application, I see my Custom Policy not getting executed even though it�s set to JVM properly. I tried to dig more & found that, since customAuthorisation.jar is Packaged as Common JAR, it�s also honored with AllPermission. Due to which the equivalent ProtectionDomain�s (for classes in customAuthorisation.jar) �hasAllPerm� member variable is set to TRUE. Following is the code of implies method of ProtectionDomain class which clearly indicates that if �hasAllPerm� is set to TRUE then DO NOT EXECUTE THE JVM POLICY & SILENTLY RETURN BACK.




Now I do understand the problem but don�t know what�s the right solution to this problem. I tried a few alternatives in �java.policy� but it didn�t work:




-Beejal
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic