4 Replies Latest reply on Feb 12, 2009 12:01 PM by kcg

    JBoss 4.2.3: non-compliant behavior of JACC implementation?

    kcg

      Hello,
      I'm porting our custom JACC provider to JBoss. For access control I've found that JBoss is using not recommended practice of calling `getPermission' on policy provider. JACC 1.0 final release specification claims that after this call container must call `implies' method on the returned PermissionCollection object. My debug messages proof that this is not the case with JBoss 4.2.3GA. For your reference, this is ``4.8 Checking the Caller for a Permission'' specification paragraph, where someone might read:

      The J2EE 1.4 container calls
      java.security.Policy.getPermissions with an argument
      ProtectionDomain that was constructed with the principals of the caller. The
      container must call the implies method on the returned
      PermissionCollection using the permission being checked as argument. If the
      PermissionCollection implies the permission being tested, the permission has
      been granted to the caller. Otherwise it has not. This technique is supported but
      not recommended.


      Am I doing anything wrong or is it really a non-compliant bit of JBoss JACC implementation?
      Our JACC provider is written in a way that it requires to have `implies' called on the policy provider. So I written simple facade PermissionCollection which behave like normal permission collection, but delegates it's implies to the policy provider. The problem is, its `implies' is not called. Do you have any idea how to convience JBoss to call either implies on the returned value from getPermission or implies directly on the policy provider?
      Thanks!
      Karel


        • 1. Re: JBoss 4.2.3: non-compliant behavior of JACC implementati
          anil.saldhana

           

          http://anonsvn.jboss.org/repos/jbossas/branches/Branch_4_2/security/src/main/org/jboss/security/jacc/DelegatingPolicy.java


          That is the JACC policy we use.

          public PermissionCollection getPermissions(ProtectionDomain domain)
           {
           PermissionCollection pc = super.getPermissions(domain);
           PermissionCollection delegated = delegate.getPermissions(domain);
           for (Enumeration e = delegated.elements(); e.hasMoreElements();)
           {
           Permission p = (Permission) e.nextElement();
           pc.add(p);
           }
           return pc;
           }
          


          What JVM (vendor/version) are you using?

          • 2. Re: JBoss 4.2.3: non-compliant behavior of JACC implementati
            kcg

             

            "anil.saldhana@jboss.com" wrote:
            http://anonsvn.jboss.org/repos/jbossas/branches/Branch_4_2/security/src/main/org/jboss/security/jacc/DelegatingPolicy.java


            That is the JACC policy we use.

            public PermissionCollection getPermissions(ProtectionDomain domain)
             {
             PermissionCollection pc = super.getPermissions(domain);
             PermissionCollection delegated = delegate.getPermissions(domain);
             for (Enumeration e = delegated.elements(); e.hasMoreElements();)
             {
             Permission p = (Permission) e.nextElement();
             pc.add(p);
             }
             return pc;
             }
            



            Hello Anil,

            I see, but I don't understand how is this related to my issue. I'm porting already existing JACC provider to JBoss. I set appropriate system property in property-service.xml:
             javax.security.jacc.policy.provider=com.example.jacc.Policy
            

            I'm also declaring dependency of JACC service on property service in jacc-service.xml in order to get the system policy into the JACC service (otherwise JACC service is initialized before property service and hence cannot obtain the property):
            <?xml version="1.0" encoding="UTF-8"?>
            <server>
             <!-- JACC security manager and realm mapping -->
             <mbean code="org.jboss.security.jacc.SecurityService"
             name="jboss.security:service=JACCSecurityService" xmbean-dd="">
             <depends>jboss:type=Service,name=SystemProperties</depends>
             <xmbean>
             <description>The JACC security Policy service</description>
             <operation>
             <description>The start lifecycle operation</description>
             <name>start</name>
             </operation>
             <operation>
             <description>The stop lifecycle operation</description>
             <name>stop</name>
             </operation>
             </xmbean>
             </mbean>
            </server>
            


            Everything seems to work well and my policy provider is really called -- at least `getPermission' calls get to it. If I understand the framework correctly, then your delegating policy should not be used anymore. Am I right? I see that your delegating policy also implements `implies' method. I'm most curious under which circumstances it is called by the container.

            What JVM (vendor/version) are you using?

            I'm using this platform (SunOS/JDK):
            $ java -version
            java version "1.6.0_03"
            Java(TM) SE Runtime Environment (build 1.6.0_03-b05)
            Java HotSpot(TM) Server VM (build 1.6.0_03-b05, mixed mode)
            $ uname -a
            SunOS silence 5.11 snv_79a i86pc
            $
            

            and also I'm using jboss-4.2.3.GA-jdk16 together with it.

            Thanks,
            Karel


            • 3. Re: JBoss 4.2.3: non-compliant behavior of JACC implementati
              kcg

              Nobody? No idea what to do with it?
              Thanks for any hint!
              Karel

              • 4. Re: JBoss 4.2.3: non-compliant behavior of JACC implementati
                kcg

                Hello,

                finally I've found out why the JACC is not invoked for the simple servlet demo application! First problem is that I need to mark the resource in web.xml as protected (or use delegation to JACC for unprotected resources feature) and the second is as I think a possible bug in JaccAuthorizationRealm.java in a package org.jboss.web.tomcat.security

                The problem is that the class' CTOR contains:

                 public JaccAuthorizationRealm()
                 {
                 policy = Policy.getPolicy();
                 trace = log.isTraceEnabled();
                 }
                


                the problem is with policy variable. It's initialized at the construction time, but if the JACC is not loaded yet, then the result is that policy contains reference to standard java.security.Policy instance. When I've changed the code to replace all `policy.' with `Policy.getPolicy().' in the class, then the code starts calling my JACC well (after it's initialization of course).

                Question is: is there any way how to prioritize initialization of JACC over the initialization of builtin tomcat? If no, then the JaccAuthorizationRealm class should be fixed probably.

                What do you think?
                Thanks,
                Karel