0 Replies Latest reply on Aug 26, 2019 5:54 AM by Pontus Amberg

    Accessing WebRoleRefPermission using JACC

    Pontus Amberg Newbie

      Hi!

       

      I'm currently trying to access the WebRoleRefPermission using JACC ( https://jcp.org/en/jsr/detail?id=115 ) and I have encountered a problem. The problem is that I do get some permissions but not the WebRoleRefPermission. The way I try to get the permissions is:

       

      Subject subject = PolicyContext.getContext("javax.security.auth.Subject.container")

      Set<Principal> subjectPrincipals = subject.getPrincipals()

      PermissionCollection permissionCollection = Policy.getPolicy().getPermissions( new ProtectionDomain( new CodeSource(null, (Certificate[]) null), null, null, subjectPrincipals.toArray(new Principal[subjectPrincipals.size()]) ));

      // This seems to be needed to "Resolve any potentially unresolved permissions"

      permissionCollection.implies(new WebRoleRefPermission("", "nothing"));

       

      Finally I loop over the elements in the PermissionCollection to locate the WebRoleRefPermission.

       

      The web.xml contains the needed <security-role>, <auth-constraint> and <login-config>, Elytron seems to be configured correctly with JACC enabled and the login stuff works as expected when I access the application. But when an I use the pseudo code above to access the PermissionCollection in a JSP view there's no WebRoleRefPermission instances in it.

       

      The code I use is based on one of the Java EE-7 JACC examples ( https://github.com/javaee-samples/javaee7-samples/blob/master/jacc/contexts/src/main/java/org/javaee7/jacc/contexts/servlet/SubjectServlet.java ).

       

      Anyone have a clue if there's anything else I need to do to get access to the WebRoleRefPermission?