0 Replies Latest reply on May 25, 2011 11:36 AM by kingnothing

    VFSClassLoaderPolicy.getProtectionDomain()

    kingnothing

      Hi,

       

      We are moving from JBoss 4.2.2 to JBoss 6.0 and I have a problem during the boot of my application. I have some Security (Access Denied) error. With JBoss 4.2.2, when a class is loaded it used SecureClassLoader.getProtectionDomain() to "attach" the protection domain to the class. And this Class Loader use this ProtectionDomain Constructor. Which include the dynamic permission granted to my domain by my application policy.

       

      {code}

          /**

           * Creates a new ProtectionDomain qualified by the given CodeSource,

           * Permissions, ClassLoader and array of Principals. If the

           * permissions object is not null, then <code>setReadOnly()</code>

           * will be called on the passed in Permissions object.

           * The permissions granted to this domain are dynamic; they include

           * both the static permissions passed to this constructor, and any

           * permissions granted to this domain by the current Policy at the

           * time a permission is checked.

           * <p>

           * This constructor is typically used by

           * {@link SecureClassLoader ClassLoaders}

           * and {@link DomainCombiner DomainCombiners} which delegate to

           * <code>Policy</code> to actively associate the permissions granted to

           * this domain. This constructor affords the

           * Policy provider the opportunity to augment the supplied

           * PermissionCollection to reflect policy changes.

           * <p>

           *

           * @param codesource the CodeSource associated with this domain

           * @param permissions the permissions granted to this domain

           * @param classloader the ClassLoader associated with this domain

           * @param principals the array of Principals associated with this

           * domain. The contents of the array are copied to protect against

           * subsequent modification.

           * @see Policy#refresh

           * @see Policy#getPermissions(ProtectionDomain)

           * @since 1.4

           */

          public ProtectionDomain(CodeSource codesource, PermissionCollection permissions,  ClassLoader classloader,  Principal[] principals)

      {code}

       

       

      With JBoss 6.0, the VFSClassLoaderPolicy.getProtectionDomain() is used and it create the Protection Domain using this Constructor. So it doesn't include my application policy.

       

      {code}

      /**

           * Creates a new ProtectionDomain with the given CodeSource and

           * Permissions. If the permissions object is not null, then

           *  <code>setReadOnly())</code> will be called on the passed in

           * Permissions object. The only permissions granted to this domain

           * are the ones specified; the current Policy will not be consulted.

           *

           * @param codesource the codesource associated with this domain

           * @param permissions the permissions granted to this domain

           */

          public ProtectionDomain(CodeSource codesource, PermissionCollection permissions)

      {code}

       

      So, my questions are: How can I have the same behaviour with JBoss 6? How can I defined another class loader? Is it possible to change the VFSClassLoaderPolicy and make it use the other ProtectionDomain constructor?

       

      Regards.

       

      PS: My class is loaded by Hibernate DAO.