Problem with JBoss JACC Integration Service and jre/lib/ext jars
adrian.boangiu Apr 19, 2013 1:45 PMI try to migrate migrating our application to JBoss 7.1.1 final. I have migrated previously successfully the same application from JBoss 4.2.2 to JBoss 5.1.0 and 6.1.0.
The application is using jsk-policy.jar from jdk’s jre/lib/ext folder. To do that, in the previous versions of JBoss (4.2.2, 5.1.0 and 6.1.0), a property was passed to JVM in the JBoss command line:
-Djava.security.properties=%JBOSS_CONFIG_DIR%/jini.sec.properties
The file jini.sec.properties contains the following line: policy.provider=net.jini.security.policy.DynamicPolicyProvider
and specifies the class that has to be used as a policy provider by the java security. In case this is not specified the class sun.security.provider.PolicyFile will be used as stated by default in jdk’s jre/lib/security/java.security.
In JBoss 7, the service org.jboss.security.jacc.SecurityService (JBoss JACC Integration Service) installs a java.security.Policy implementation that handles the JACC permission checks. As suggested in https://community.jboss.org/wiki/JACC, I added a new system property in JBoss command line:
-Djavax.security.jacc.policy.provider=net.jini.security.policy.DynamicPolicyProvider
telling the service org.jboss.security.jacc.SecurityService not to use its default class org.jboss.security.jacc.DelegatingPolicy.
When the application runs I get a class cast exception since the class DynamicPolicyProvider and the interface DynamicPolicy are loaded into two different class loaders.
I think that this is due to JBoss 7 behavior which does not take into account the jars in jre/lib/ext folder. I have tried to deploy the jsk-policy.jar as a module but this does not help since as soon as I remove the jar from jre/lib/ext folder I get exceptions when JBoss starts and JVM is using its default class sun.security.provider.PolicyFile.
Do you have any idea how can I solve this issue? Is there a way to disable JBoss JACC Integration Service in JBoss7?
From other posts I have understood that the JBoss 7.2 has solved the issue regarding jre/lib/ext folder. What can be done in 7.1.1?
Thank you for your help,