createLoginContext.Userpass : access denied

 
Greenhorn
Posts: 6
Hi,
I am working on authentication using JAAS.

I have created a small application and am calling it in one of the JSP files. When I try to access the JSP I am getting the following error:
createLoginContext.Userpass : access denied
(javax.security.auth.AuthPermission createLoginContext.Userpass)
When I run the Java application it authenticates the user, but when I try to run it by calling it from the JSP it gives the above error.
I have a java.policy file and I have modified that too, and it is able to give permissions to all the jar files except the one which I have created.
Can anybody suggest how to give permission to (javax.security.auth.AuthPermission createLoginContext.Userpass)?
 
Bartender
Posts: 1638
Do you mind showing the policy file to us?
 
Vaibhav Tomorrow
Greenhorn
Posts: 6

Originally posted by Nitesh Kant:
Do you mind showing the policy file to us



Hi,
I have created the policy file with the name jaasacn.policy.

grant codeBase "file:/C:/MyWorkspace3/WSADWorkspace/JAAS/one/MySecurity/WebContent/WEB-INF/classes/test/test.jar"{
permission avax.security.auth.AuthPermission "createLoginContext.Userpass";
};

I have tried with the default java.policy file also, and put the test.tar file in the ext folder, which already has the permission to access all the jar files in it.
grant codeBase "file:${java.home}/lib/ext/*" {
//permission java.security.AllPermission;
permission avax.security.auth.AuthPermission "createLoginContext.Userpass";
};

Apart from that I have a question:
1) I have a jar file which can perform authentication of a user (PerformAuth.java).
Can we call this object inside a JSP and see the result of authentication? The main idea is to have an authenticated user and then map the user to any role and, based on that role, provide authorization to access web resources.
 
Nitesh Kant
Bartender
Posts: 1638

Vaibhav:
avax.security.auth.AuthPermission "createLoginContext.Userpass";



Is this a typo? It should be javax and not avax.
If you are using a different policy file than the default you have to specify it as a JVM parameter "java.security.policy", as:

java -Djava.security.manager -Djava.security.policy=someURL SomeApp



Additionally, as specified above, you also would have to specify the parameter "java.security.manager".
The "-Djava.security.manager" argument ensures that the default security manager is installed, and thus the application is subject to policy checks. It is not required if the application SomeApp installs a security manager.

Vaibhav:
Apart from that I have a question:
1) I have a jar file which can perform authentication of a user (PerformAuth.java).
Can we call this object inside a JSP and see the result of authentication? The main idea is to have an authenticated user and then map the user to any role and, based on that role, provide authorization to access web resources.



If the jar file is in the classpath of the webapp that the jsp belongs to, then yes you can do that.
 
Vaibhav Tomorrow
Greenhorn
Posts: 6
grant codeBase "file:/C:/MyWorkspace3/WSADWorkspace/JAAS/one/MySecurity/WebContent/WEB-INF/classes/test/test.jar"{
permission javax.security.auth.AuthPermission "createLoginContext.Userpass";
};

I have tried with the default java.policy file also, and put the test.tar file in the ext folder, which already has the permission to access all the jar files in it.
grant codeBase "file:${java.home}/lib/ext/*" {
//permission java.security.AllPermission;
permission javax.security.auth.AuthPermission "createLoginContext.Userpass";
};
I am not able to perform the authentication using the JSP.
Can anyone tell what is wrong with this policy file?
How can I give permission to createLoginContext.Userpass?
 
Greenhorn
Posts: 4
Where is this JSP deployed? A container implementation can choose its own policy file location and might require you to define these custom policy entries there.

For instance, if you're using Tomcat, try putting these policy entries in the catalina.policy. See http://tomcat.apache.org/tomcat-4.1-doc/security-manager-howto.html
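
A grant entry only applies when its codeBase matches the URL the class was really loaded from, so a quick way to debug the error discussed in this thread is to print that URL and ask the active policy whether it grants the permission. The following Java diagnostic is an added example, not code from any poster; the class name `LoginPermissionCheck` is hypothetical, and it assumes a JVM on which the Security Manager is still supported.

```java
import java.security.CodeSource;
import java.security.Permission;
import java.security.ProtectionDomain;
import javax.security.auth.AuthPermission;

/** Added diagnostic (hypothetical class name), not code from the thread. */
public class LoginPermissionCheck {

    // The permission named in the thread's "access denied" message.
    static final Permission NEEDED =
            new AuthPermission("createLoginContext.Userpass");

    /** Reports where a class was loaded from and whether policy grants NEEDED to it. */
    public static String describe(Class<?> c) {
        ProtectionDomain pd;
        try {
            // Under a security manager this call itself needs
            // RuntimePermission "getProtectionDomain".
            pd = c.getProtectionDomain();
        } catch (SecurityException e) {
            return c.getName() + ": cannot inspect (" + e.getMessage() + ")";
        }
        CodeSource cs = pd.getCodeSource();
        // The codeBase of a grant entry must match this URL for the grant to apply.
        Object location = (cs == null || cs.getLocation() == null)
                ? "(no code source location)" : cs.getLocation();
        // ProtectionDomain.implies consults the policy currently in effect.
        boolean granted = pd.implies(NEEDED);
        return c.getName()
                + "\n  loaded from: " + location
                + "\n  granted " + NEEDED.getName() + ": " + granted;
    }

    public static void main(String[] args) throws ClassNotFoundException {
        // If this prints false, no policy file is being enforced at all.
        System.out.println("security manager installed: "
                + (System.getSecurityManager() != null));
        // The access check walks the whole call stack, so inspect every class
        // on the path to the LoginContext, including the compiled JSP class.
        String[] names = args.length > 0
                ? args : new String[] {LoginPermissionCheck.class.getName()};
        for (String name : names) {
            System.out.println(describe(Class.forName(name)));
        }
    }
}
```

Calling `describe(...)` from inside the web application for the class that creates the LoginContext shows the exact location to use as the codeBase, and whether the policy file the container actually loaded contains the grant.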
 