2 Replies Latest reply on Oct 20, 2003 11:58 AM by Oguz Ibram

    Using JAAS for authorization

    joemilora Newbie

      Hi all,

      I'm attempting to use JAAS for authorization, but with
      no luck so far.

      The JAAS authentication works fine, and I'm placing
      the authenticated subject in a session to use
      with my struts based application. Unfortunately, I receive a permission failure on every permission
      check.

      I've tested my authorization code outside the container, so I'm fairly sure it works. I've updated the
      security policy, changing the AllPermission to the needed individual permissions. (the log produced
      from java.security.debug="access failure" seems
      to indicate it's my authorization permission that's causing the failure)

      I guess I'm wondering if there is something I'm unaware of that is preventing me from using JAAS
      authorization from within JBoss.

      Can I add principal based permissions in the server.policy? If so, is there anything else I need to
      do to enable principal based security?

      Thanks in advance,
      Joe Milora