[jboss-user] [Security & JAAS/JBoss] - Re: JAAS Policy File with JBOSS - Please Help!

jgilmore do-not-reply at jboss.com
Wed Dec 12 11:26:30 EST 2007


I have now added the following line to the JAVA_OPTS section of run.bat


  | -Djava.security.manager -Djava.security.policy=server.policy
  | 

Next time I started JBoss I received the following error:


  | Failed to boot JBoss:
  | java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
  |         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
  |         at java.security.AccessController.checkPermission(AccessController.java:427)
  |         at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
  |         at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1252)
  |         at java.lang.System.getProperties(System.java:561)
  |         at org.jboss.Main.<init>(Main.java:86)
  |         at org.jboss.Main$1.run(Main.java:489)
  |         at java.lang.Thread.run(Thread.java:595)
  | 

I solved this problem by placing the following in the server.policy file (which, for convenience, is currently placed in the bin directory).


  | grant {
  | permission java.security.AllPermission;
  | }; 
  | 

So now my server starts.  Great, I now know the server.policy in the bin directory is being taken notice of.  If I now put application-specific permissions in the policy file like so:


  | grant {
  | permission java.security.AllPermission;
  | }; 
  | 
  | grant Principal com.ftid.custadmin.security.ClientAdminPrincipal "view_customer" {
  |     permission  com.ftid.custadmin.security.ViewIdPermission "/client/clientsView.*";
  |     permission  com.ftid.custadmin.security.ViewIdPermission "/client/clientLandingPage.*";
  | };
  | 
  | grant Principal com.ftid.custadmin.security.ClientAdminPrincipal "view_update_customer" {
  |     permission  com.ftid.custadmin.security.ViewIdPermission "/client/clientEdit.*";
  | };
  | 

It doesn't work; my application deployed onto JBoss simply gives access to all my subjects, no matter what principals they have assigned.

Does anybody know how to get the application-specific principal permissions loaded into the JBoss SecurityManager?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4112295#4112295
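
Added example (not part of the original post, and not JBoss code): Java policy grants are additive, and a `grant` entry with no `codeBase`, `signedBy` or `Principal` clause applies to all code, so an `AllPermission` there satisfies every permission check whatever principals the subject holds. The Python script below lints a policy file for that condition. `parse_policy` and `shadowed_grants` are hypothetical helper names, and the sample policy is constructed from the layout in the post.

```python
import re

# Constructed sample: the policy layout shown in the post above.
SAMPLE_POLICY = '''
grant {
    permission java.security.AllPermission;
};

grant Principal com.ftid.custadmin.security.ClientAdminPrincipal "view_customer" {
    permission com.ftid.custadmin.security.ViewIdPermission "/client/clientsView.*";
    permission com.ftid.custadmin.security.ViewIdPermission "/client/clientLandingPage.*";
};

grant Principal com.ftid.custadmin.security.ClientAdminPrincipal "view_update_customer" {
    permission com.ftid.custadmin.security.ViewIdPermission "/client/clientEdit.*";
};
'''

# Quoted strings are matched as units so "${...}" or "//" inside them is not misread.
_COMMENT = re.compile(r'"[^"]*"|//[^\n]*|/\*.*?\*/', re.S)
_GRANT = re.compile(r'\bgrant\b((?:"[^"]*"|[^{"])*)\{((?:"[^"]*"|[^}"])*)\}\s*;', re.I)
_PERM = re.compile(r'\bpermission\s+([\w.$]+)', re.I)
ALL = "java.security.AllPermission"

def parse_policy(text):
    """Return [(header, [permission class names])] for each grant entry."""
    text = _COMMENT.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)
    return [(" ".join(h.split()), _PERM.findall(b)) for h, b in _GRANT.findall(text)]

def shadowed_grants(text):
    """Headers of scoped grants made moot by an unconditional AllPermission grant.

    An entry with an empty header (no codeBase, signedBy or Principal) applies to
    all code, and AllPermission implies every other permission.
    """
    entries = parse_policy(text)
    blanket = any(not hdr and ALL in perms for hdr, perms in entries)
    return [hdr for hdr, _ in entries if hdr and blanket]

if __name__ == "__main__":
    for hdr in shadowed_grants(SAMPLE_POLICY):
        print("no effect while a blanket AllPermission grant exists:", hdr)
```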
