Luke Mero

I'm having some troubles in signing the jar.
Most of the guides that I have found out told me to do that:
keytool -genkey -alias mycert jarsigner my-application.jar mycert
Then I have re-uploaded the my-application.jar on the server. and once I launch the JNLP, it recognize the file change, so ti downloads the file again... but nothing changes. it doesn't ask for any authorizations and it ends with the same error.
I was also trying changing the algorithm
keytool -genkey -keyalg rsa -alias mycert
but I obtained the same results... nothing change

What is wrong with that procedure? Am I not allowed to use "home-made" certificate?

The main problem was to load the jaas.config for the authentication so for this reason I was thinking about to load the policy file to give the permissions to the application to read the jaas.config file.
Now I was doing one more test: I was trying to remove the java.policy and deploy the application with the jaas.config file only. In that way it works from the command line as before but not from WebStart, so that means that the java policy maybe not needed at all.

Do you think that if I'll sign the jar file then I'll be able to read the jaas.config?
Is there any practice that I'm missing to load that Jaas file?

Thanks in advance

Hello everybody,

I have a problem with a Java WS application that use Jaas authentication through Jboss AS.
If I start the application from the command line (java -jar myApp.jar) it works just fine.
But if I load the application with the JNLP file I get an error like:
Exception in thread "AWT-EventQueue-0" java.security.AccessControlException:\ access denied (java.util.PropertyPermission java.security.auth.login.config read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285) at java.lang.System.getProperty(System.java:652)
The application needs to access a java.policy and a jaas.config files that are located into the jar file.

I was browsing and I was trying many different solutions like:

-adding a property tag under resources in the JNLP file doesn't seem to have any effect
<property name="java.security.auth.login.config" value="http://myserver.com/jaas_client.conf"/>
-adding a security tag. Doesn't do anything. (but I have read somewhere that in that case the jar file needs to be signed...)
<security> <all-permissions/> </security>
-here is how I load up the files into my java code
ClassLoader tClassLoader = holdem.gui.LoginGUI.class.getClassLoader(); String tJaasPath = tClassLoader.getResource("jaas.config").toString(); String tPolicyPath = tClassLoader.getResource("resources/java.policy").toString(); System.setProperty( "java.security.manager", "" ); System.setProperty( "java.security.policy", tPolicyPath ); System.setProperty( "java.security.auth.login.config", tJaasPath );
I was trying also to deploy my application jar into the server without the jaas.config and the java.policy and it gives me the same error about ava.security.AccessControlException etc....
So for this reason I think it should not be anything wrong in those 2 files, but the wrong thing seems to be how to load those files through Java Web Start.
Anyway here it is the context of the 2 files:

jaas.config
ggSDomain { org.jboss.security.ClientLoginModule required; };
java.policy
// Standard extensions get all permissions by default grant { // Allows any thread to stop itself using the java.lang.Thread.stop() // method that takes no argument. // Note that this permission is granted by default only to remain // backwards compatible. // It is strongly recommended that you either remove this permission // from this policy file or further restrict it to code sources // that you specify, because Thread.stop() is potentially unsafe. // See "http://java.sun.com/notes" for more information. permission java.security.AllPermission; permission java.lang.RuntimePermission "stopThread"; // allows anyone to listen on un-privileged ports permission java.net.SocketPermission "localhost:1024-", "listen"; // "standard" properies that can be read by anyone permission java.util.PropertyPermission "java.version", "read"; permission java.util.PropertyPermission "java.vendor", "read"; permission java.util.PropertyPermission "java.vendor.url", "read"; permission java.util.PropertyPermission "java.class.version", "read"; permission java.util.PropertyPermission "os.name", "read"; permission java.util.PropertyPermission "os.version", "read"; permission java.util.PropertyPermission "os.arch", "read"; permission java.util.PropertyPermission "file.separator", "read"; permission java.util.PropertyPermission "path.separator", "read"; permission java.util.PropertyPermission "line.separator", "read"; permission java.util.PropertyPermission "java.specification.version", "read"; permission java.util.PropertyPermission "java.specification.vendor", "read"; permission java.util.PropertyPermission "java.specification.name", "read"; permission java.util.PropertyPermission "java.vm.specification.version", "read"; permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; permission java.util.PropertyPermission "java.vm.specification.name", "read"; permission java.util.PropertyPermission "java.vm.version", "read"; permission java.util.PropertyPermission "java.vm.vendor", "read"; permission java.util.PropertyPermission "java.vm.name", "read"; permission java.util.PropertyPermission "*", "read"; //java.security.auth.login.config // PERSO permission java.net.SocketPermission "127.0.0.1:*", "connect,resolve"; //RMI test in eclipse permission java.net.SocketPermission "127.0.0.1:*", "accept, resolve"; //start: Alcatel Computer permission java.net.SocketPermission "172.26.95.227:*", "connect,resolve"; permission java.net.SocketPermission "172.26.95.227:*", "accept, resolve"; //end: Alcatel Computer //TESTS permission java.io.FilePermission "./images/-", "read"; //ONLY WORKING FOR UNIX computers permission java.io.FilePermission ".\\images\\-", "read"; //ONLY WORKING FOR WINDAUBE computers };
Does anybody has an idea about how to make those 2 files recognized by the java web start?

Thanks in advance to anybody who will help me