3 Replies Latest reply on Apr 22, 2013 6:36 PM by henk53

    Problem with JBoss JACC Integration Service and jre/lib/ext jars

    adrian.boangiu

      I am trying to migrate our application to JBoss 7.1.1 Final. I have previously migrated the same application successfully from JBoss 4.2.2 to JBoss 5.1.0 and 6.1.0.

       

      The application is using jsk-policy.jar from jdk’s jre/lib/ext folder. To do that, in the previous versions of JBoss (4.2.2, 5.1.0 and 6.1.0), a property was passed to JVM in the JBoss command line:

      -Djava.security.properties=%JBOSS_CONFIG_DIR%/jini.sec.properties

      The file jini.sec.properties contains the following line: policy.provider=net.jini.security.policy.DynamicPolicyProvider

      and specifies the class that has to be used as a policy provider by the java security. In case this is not specified the class sun.security.provider.PolicyFile will be used as stated by default in jdk’s jre/lib/security/java.security.

       

      In JBoss 7, the service org.jboss.security.jacc.SecurityService (JBoss JACC Integration Service) installs a java.security.Policy implementation that handles the JACC permission checks. As suggested in https://community.jboss.org/wiki/JACC, I added a new system property in JBoss command line:

      -Djavax.security.jacc.policy.provider=net.jini.security.policy.DynamicPolicyProvider

      telling the service org.jboss.security.jacc.SecurityService not to use its default class org.jboss.security.jacc.DelegatingPolicy.

       

      When the application runs I get a class cast exception since the class DynamicPolicyProvider and the interface DynamicPolicy are loaded into two different class loaders.

       

      I think that this is due to JBoss 7 behavior which does not take into account the jars in jre/lib/ext folder. I have tried to deploy the jsk-policy.jar as a module but this does not help since as soon as I remove the jar from jre/lib/ext folder I get exceptions when JBoss starts and JVM is using its default class sun.security.provider.PolicyFile.

       

      Do you have any idea how I can solve this issue? Is there a way to disable the JBoss JACC Integration Service in JBoss 7?

       

      From other posts I have understood that JBoss 7.2 has solved the issue regarding the jre/lib/ext folder. What can be done in 7.1.1?

      Thank you for your help,
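
      The class loader mismatch described in the post above can be confirmed from inside the deployment with a small diagnostic. This is an added example, not part of the original post and not JBoss or Jini code; the class name PolicyLoaderCheck is hypothetical, the interface name net.jini.security.policy.DynamicPolicy is assumed from the post's mention of DynamicPolicy, and it uses the java.security.Policy API as it existed in the Java versions of that era.

```java
import java.security.Policy;
import java.security.Security;

public class PolicyLoaderCheck {
    // Assumed fully qualified name of the DynamicPolicy interface from the post.
    static final String DEFAULT_IFACE = "net.jini.security.policy.DynamicPolicy";

    static String describe(Class<?> c) {
        ClassLoader l = c.getClassLoader();
        return c.getName() + " loaded by " + (l == null ? "bootstrap loader" : l.toString());
    }

    // Returns the interface named `name` that class c really implements, or null.
    static Class<?> implemented(Class<?> c, String name) {
        for (Class<?> k = c; k != null; k = k.getSuperclass()) {
            for (Class<?> i : k.getInterfaces()) {
                if (i.getName().equals(name)) return i;
                Class<?> up = implemented(i, name);
                if (up != null) return up;
            }
        }
        return null;
    }

    public static String report(String iface, ClassLoader caller) {
        StringBuilder sb = new StringBuilder();
        sb.append("policy.provider=").append(Security.getProperty("policy.provider")).append('\n');
        sb.append("javax.security.jacc.policy.provider=")
          .append(System.getProperty("javax.security.jacc.policy.provider")).append('\n');
        Class<?> policyClass = Policy.getPolicy().getClass();
        sb.append("installed policy: ").append(describe(policyClass)).append('\n');
        Class<?> viaPolicy = implemented(policyClass, iface);
        Class<?> viaCaller = null;
        try {
            viaCaller = Class.forName(iface, false, caller); // the copy the casting code sees
        } catch (ClassNotFoundException e) { /* reported in the result line below */ }
        if (viaPolicy != null) sb.append("policy side: ").append(describe(viaPolicy)).append('\n');
        if (viaCaller != null) sb.append("caller side: ").append(describe(viaCaller)).append('\n');
        if (viaPolicy == null) return sb + "RESULT: installed policy does not implement " + iface;
        if (viaCaller == null) return sb + "RESULT: caller's loader cannot see " + iface;
        return sb + (viaPolicy == viaCaller
            ? "RESULT: same Class object, the cast succeeds"
            : "RESULT: two copies of the interface, the cast throws ClassCastException");
    }

    public static void main(String[] args) {
        String iface = args.length > 0 ? args[0] : DEFAULT_IFACE;
        System.out.println(report(iface, Thread.currentThread().getContextClassLoader()));
    }
}
```

      Calling report(...) from code running in the deployed application (rather than from a plain command line) makes the "caller side" line reflect the application's own class loader, which is where the cast in question happens.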

        • 1. Re: Problem with JBoss JACC Integration Service and jre/lib/ext jars
          henk53

          Adrian Boangiu wrote:

           

          From other posts I have understood that JBoss 7.2 has solved the issue regarding the jre/lib/ext folder. What can be done in 7.1.1?

           

          Curious, but why not use JBoss AS/WildFly/EAP 7.2/6.1 then?

          • 2. Re: Problem with JBoss JACC Integration Service and jre/lib/ext jars
            adrian.boangiu

            Thank you for your suggestion.

            I haven't tried the 7.2 version before because there was no standalone 7.2.0 version available for download and the 6.1 EAP version was still in alpha.

            However, today I have downloaded the 6.1 EAP beta version (from 19.04.2013) and I got exactly the same error as with the 7.1.1.Final version.

             

            Any suggestion is welcome.

            • 3. Re: Problem with JBoss JACC Integration Service and jre/lib/ext jars
              henk53

              Adrian Boangiu wrote:

               

              Thank you for your suggestion.

              I haven't tried the 7.2 version before because there was no standalone 7.2.0 version available for download and the 6.1 EAP version was still in alpha.

               

              Funny... what people predicted clearly happens here.

               

              Relative to EAP, all AS.Final releases (like 7.1.1.Final) were already an EAP.Alpha. EAP 6.1.Alpha == AS 7.2.Final. It's just a rename; the code is exactly the same. But because you see it being called Alpha for the first time you get "scared", not realizing that with AS you have always been using Alphas, but because the name said Final you (and very few people actually) realized this.