• Post Reply Bookmark Topic Watch Topic
  • New Topic

Java security - AccessController question

 
Alok Pota
Ranch Hand
Posts: 185
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am trying to enforce a feature wherein only certain classes of package A can access certain classes of package B using AccessController
and the java.policy file in a web-app context.
My java.policy file has an entry that looks like this..
grant codeBase "file:/acme/www/apps/webapp1/-" {
permission com.acme.MyCustomPermission;
};

Class A calls a method on Class B

class B {
public static void dummyMethod() {
AccessController.checkPermission(new MyCustomPermission());
}
}
class A {
public static void execute() {
B.dummyMethod();
......
}
}
Both A.class and B.class are in the codeBase path specified in the java.policy file yet the above gives me a permission denied exception
When I remove the codeBase entry and make this a general grant as
grant {
permission com.acme.MyCustomPermission;
};
everything works.. but thats not what I want.

What am I doing wrong?
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!