3 Replies Latest reply on Apr 22, 2013 6:36 PM by henk de boer

    Problem with JBoss JACC Integration Service and jre/lib/ext jars

    Adrian Boangiu Newbie

      I try to migrate migrating our application to JBoss 7.1.1 final. I have migrated previously successfully the same application from JBoss 4.2.2 to JBoss 5.1.0 and 6.1.0.

       

      The application is using jsk-policy.jar from jdk’s jre/lib/ext folder. To do that, in the previous versions of JBoss (4.2.2, 5.1.0 and 6.1.0), a property was passed to JVM in the JBoss command line:

      -Djava.security.properties=%JBOSS_CONFIG_DIR%/jini.sec.properties

      The file jini.sec.properties contains the following line: policy.provider=net.jini.security.policy.DynamicPolicyProvider

      and specifies the class that has to be used as a policy provider by the java security. In case this is not specified the class sun.security.provider.PolicyFile will be used as stated by default in jdk’s jre/lib/security/java.security.

       

      In JBoss 7, the service org.jboss.security.jacc.SecurityService (JBoss JACC Integration Service) installs a java.security.Policy implementation that handles the JACC permission checks. As suggested in https://community.jboss.org/wiki/JACC, I added a new system property in JBoss command line:

      -Djavax.security.jacc.policy.provider=net.jini.security.policy.DynamicPolicyProvider

      telling the service org.jboss.security.jacc.SecurityService not to use its default class org.jboss.security.jacc.DelegatingPolicy.

       

      When the application runs I get a class cast exception since the class DynamicPolicyProvider and the interface DynamicPolicy are loaded into two different class loaders.

       

      I think that this is due to JBoss 7 behavior which does not take into account the jars in jre/lib/ext folder. I have tried to deploy the jsk-policy.jar as a module but this does not help since as soon as I remove the jar from jre/lib/ext folder I get exceptions when JBoss starts and JVM is using its default class sun.security.provider.PolicyFile.

       

      Do you have any idea how can I solve this issue? Is there a way to disable JBoss JACC Integration Service in JBoss7?

       

      From other posts I have understood that the JBoss 7.2 has solved the issue regarding jre/lib/ext folder. What can be done in 7.1.1?

      Thank you for your help,