This content has been marked as final.
Show 4 replies
-
1. Re: JBoss 4.2.3: non-compliant behavior of JACC implementati
anil.saldhana Feb 3, 2009 4:54 PM (in response to kcg)http://anonsvn.jboss.org/repos/jbossas/branches/Branch_4_2/security/src/main/org/jboss/security/jacc/DelegatingPolicy.java
That is the JACC policy we use.public PermissionCollection getPermissions(ProtectionDomain domain) { PermissionCollection pc = super.getPermissions(domain); PermissionCollection delegated = delegate.getPermissions(domain); for (Enumeration e = delegated.elements(); e.hasMoreElements();) { Permission p = (Permission) e.nextElement(); pc.add(p); } return pc; }
What JVM (vendor/version) are you using? -
2. Re: JBoss 4.2.3: non-compliant behavior of JACC implementati
kcg Feb 4, 2009 2:25 AM (in response to kcg)"anil.saldhana@jboss.com" wrote:
http://anonsvn.jboss.org/repos/jbossas/branches/Branch_4_2/security/src/main/org/jboss/security/jacc/DelegatingPolicy.java
That is the JACC policy we use.public PermissionCollection getPermissions(ProtectionDomain domain) { PermissionCollection pc = super.getPermissions(domain); PermissionCollection delegated = delegate.getPermissions(domain); for (Enumeration e = delegated.elements(); e.hasMoreElements();) { Permission p = (Permission) e.nextElement(); pc.add(p); } return pc; }
Hello Anil,
I see, but I don't understand how is this related to my issue. I'm porting already existing JACC provider to JBoss. I set appropriate system property in property-service.xml:javax.security.jacc.policy.provider=com.example.jacc.Policy
I'm also declaring dependency of JACC service on property service in jacc-service.xml in order to get the system policy into the JACC service (otherwise JACC service is initialized before property service and hence cannot obtain the property):<?xml version="1.0" encoding="UTF-8"?> <server> <!-- JACC security manager and realm mapping --> <mbean code="org.jboss.security.jacc.SecurityService" name="jboss.security:service=JACCSecurityService" xmbean-dd=""> <depends>jboss:type=Service,name=SystemProperties</depends> <xmbean> <description>The JACC security Policy service</description> <operation> <description>The start lifecycle operation</description> <name>start</name> </operation> <operation> <description>The stop lifecycle operation</description> <name>stop</name> </operation> </xmbean> </mbean> </server>
Everything seems to work well and my policy provider is really called -- at least `getPermission' calls get to it. If I understand the framework correctly, then your delegating policy should not be used anymore. Am I right? I see that your delegating policy also implements `implies' method. I'm most curious under which circumstances it is called by the container.
What JVM (vendor/version) are you using?
I'm using this platform (SunOS/JDK):$ java -version java version "1.6.0_03" Java(TM) SE Runtime Environment (build 1.6.0_03-b05) Java HotSpot(TM) Server VM (build 1.6.0_03-b05, mixed mode) $ uname -a SunOS silence 5.11 snv_79a i86pc $
and also I'm using jboss-4.2.3.GA-jdk16 together with it.
Thanks,
Karel -
3. Re: JBoss 4.2.3: non-compliant behavior of JACC implementati
kcg Feb 6, 2009 4:14 PM (in response to kcg)Nobody? No idea what to do with it?
Thanks for any hint!
Karel -
4. Re: JBoss 4.2.3: non-compliant behavior of JACC implementati
kcg Feb 12, 2009 12:01 PM (in response to kcg)Hello,
finally I've found out why the JACC is not invoked for the simple servlet demo application! First problem is that I need to mark the resource in web.xml as protected (or use delegation to JACC for unprotected resources feature) and the second is as I think a possible bug in JaccAuthorizationRealm.java in a package org.jboss.web.tomcat.security
The problem is that the class' CTOR contains:public JaccAuthorizationRealm() { policy = Policy.getPolicy(); trace = log.isTraceEnabled(); }
the problem is with policy variable. It's initialized at the construction time, but if the JACC is not loaded yet, then the result is that policy contains reference to standard java.security.Policy instance. When I've changed the code to replace all `policy.' with `Policy.getPolicy().' in the class, then the code starts calling my JACC well (after it's initialization of course).
Question is: is there any way how to prioritize initialization of JACC over the initialization of builtin tomcat? If no, then the JaccAuthorizationRealm class should be fixed probably.
What do you think?
Thanks,
Karel