0 Replies Latest reply on Sep 16, 2002 10:38 AM by imelotte

    JAAS + applet/JWS

    imelotte
    imelotte Sep 16, 2002 10:38 AM

      Hello,

      I have both an applet and a webstart version of an application and I use JAAS to perform authentication/authorization.

      All the jars that are transported to the client are SIGNED.

      If I perform a login using the login context it succeeds.

      When the create() method on a home interface is called, I always get an exception (see bottom).

      But in my opinion, if everything is signed the application should be permitted to do ANYTHING. While searching through the jboss archives it seems that more people are experiencing the same problem and someone suggests the following solution:

      http://www.jboss.org/modules/bb/index.html?module=bb&op=viewtopic&t=forums/ dont't find it a viable solution if every potential client should edit the local java.policy file. How does this enable me to distribute an application to a large amount of unknown users. This contradicts javawebstart and applet philosophy.

      So far no one can opper a better solution. So should this be considered a bug in SecurityAssociation??? It seems a Thread/ClassLoader problem.

      Has anyone any idea how solve this problem? I just want to distribute an application using both an applet and javawebstart while using jaas for authentication/authorization and it's out of the question to edit the local java.policy file!

      Regards
      Ivan

      java.security.AccessControlException: access denied (java.lang.RuntimePermission org.jboss.security.SecurityAssociation.getPrincipalInfo)
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
      at java.security.AccessController.checkPermission(AccessController.java:399)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
      at org.jboss.security.SecurityAssociation.getPrincipal(SecurityAssociation.java:109)
      at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:72)
      at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:185)
      at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:76)
      at $Proxy3.create(Unknown Source)
      at be.beta9.books.client.swing.ApplicationPanel.login(ApplicationPanel.java:88)
      at java.lang.reflect.Method.invoke(Native Method)
      at be.beta9.framework.swing.ReflectionTools.perform(ReflectionTools.java:23)
      at be.beta9.framework.swing.ReflectionTools.performVerbose(ReflectionTools.java:32)
      at be.beta9.framework.swing.ReflectionTools.performVerbose(ReflectionTools.java:27)
      at be.beta9.framework.swing.GenericActionListener.actionPerformed(GenericActionListener.java:35)
      at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1450)
      at javax.swing.AbstractButton$ForwardActionEvents.actionPerformed(AbstractButton.java:1504)
      at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:378)
      at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:250)
      at javax.swing.AbstractButton.doClick(AbstractButton.java:279)
      at javax.swing.AbstractButton.doClick(AbstractButton.java:259)
      at be.beta9.books.client.swing.LoginPanel$1.actionPerformed(LoginPanel.java:49)
      at javax.swing.SwingUtilities.notifyAction(SwingUtilities.java:1384)
      at javax.swing.JComponent.processKeyBinding(JComponent.java:2078)
      at javax.swing.KeyboardManager.fireBinding(KeyboardManager.java:252)
      at javax.swing.KeyboardManager.fireKeyboardAction(KeyboardManager.java:214)
      at javax.swing.JComponent.processKeyBindingsForAllComponents(JComponent.java:2145)
      at javax.swing.JComponent.processKeyBindings(JComponent.java:2138)
      at javax.swing.JComponent.processKeyEvent(JComponent.java:2041)
      at java.awt.Component.processEvent(Component.java:3553)
      at java.awt.Container.processEvent(Container.java:1164)
      at java.awt.Component.dispatchEventImpl(Component.java:2593)
      at java.awt.Container.dispatchEventImpl(Container.java:1213)
      at java.awt.Component.dispatchEvent(Component.java:2497)
      at java.awt.LightweightDispatcher.processKeyEvent(Container.java:2155)
      at java.awt.LightweightDispatcher.dispatchEvent(Container.java:2135)
      at java.awt.Container.dispatchEventImpl(Container.java:1200)
      at java.awt.Component.dispatchEvent(Component.java:2497)
      at java.awt.EventQueue.dispatchEvent(EventQueue.java:339)
      at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:131)
      at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:98)
      at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
      at java.awt.EventDispatchThread.run(EventDispatchThread.java:85)

      • 2354 Views
      • Tags: