3 Replies Latest reply on Oct 6, 2004 6:16 PM by starksm64

    JACC questions

    dozedoff

      I've looked over the wiki (http://www.jboss.org/wiki/Wiki.jsp?page=JACC), and incorporated the changes to my jboss-service.xml and standardjboss.xml to enable the default JACC sercurity policy implementation, org.jboss.security.jacc.DelegatingPolicy.

      As far as I can tell, this DelegatingPolicy allows JAAS to work as expected.

      Now, how do I get this to do some JACC work as well? Are there any examples on how to use this?

        • 1. Re: JACC questions
          starksm64

          I don't understand what you mean by doing some JACC work. You can get the Policy via the standard java.security.Policy.getPolicy accessor provided you have the correct permission. This Policy will be the JACC provider Policy. JACC specific permissions will be handled by the installed policy implementation. Non-JACC permissions will be forwared to the Policy that existed when the JACC Policy provider was installed.

          • 2. Re: JACC questions
            dozedoff

            Thanks Scott,

            I think I'd better reread the specs docs to get a better understanding.

            General question about JBoss's current implementation. If I set up the JBoss server according to the Wiki, does this mean that JACC uses the server.policy as its default policy?

            • 3. Re: JACC questions
              starksm64

              No, the current implementation has nothing to do with the base vm security policy other than delegating to it for non-JACC permissions. There is no requirement to run with a security manager and establish the java2 permissions for the application. The allowed permissions are derived from the deployment and user roles assigned to the users via JAAS.

              In future implementation the overloading of JAAS to obtain the authorization roles from the athentication step will be removed. It will not be using the vm java2 permisson policy files as the source of the permission assigments though.