[jboss-user] [Security & JAAS/JBoss] - Re: JBoss 4.2.3: non-compliant behavior of JACC implementati
kcg
do-not-reply at jboss.com
Wed Feb 4 02:25:41 EST 2009
"anil.saldhana at jboss.com" wrote : http://anonsvn.jboss.org/repos/jbossas/branches/Branch_4_2/security/src/main/org/jboss/security/jacc/DelegatingPolicy.java
|
| That is the JACC policy we use.
|
|
| | public PermissionCollection getPermissions(ProtectionDomain domain)
| | {
| | PermissionCollection pc = super.getPermissions(domain);
| | PermissionCollection delegated = delegate.getPermissions(domain);
| | for (Enumeration e = delegated.elements(); e.hasMoreElements();)
| | {
| | Permission p = (Permission) e.nextElement();
| | pc.add(p);
| | }
| | return pc;
| | }
| |
|
Hello Anil,
I see, but I don't understand how is this related to my issue. I'm porting already existing JACC provider to JBoss. I set appropriate system property in property-service.xml:
| javax.security.jacc.policy.provider=com.example.jacc.Policy
|
I'm also declaring dependency of JACC service on property service in jacc-service.xml in order to get the system policy into the JACC service (otherwise JACC service is initialized before property service and hence cannot obtain the property):
| <?xml version="1.0" encoding="UTF-8"?>
| <server>
| <!-- JACC security manager and realm mapping -->
| <mbean code="org.jboss.security.jacc.SecurityService"
| name="jboss.security:service=JACCSecurityService" xmbean-dd="">
| <depends>jboss:type=Service,name=SystemProperties</depends>
| <xmbean>
| <description>The JACC security Policy service</description>
| <operation>
| <description>The start lifecycle operation</description>
| <name>start</name>
| </operation>
| <operation>
| <description>The stop lifecycle operation</description>
| <name>stop</name>
| </operation>
| </xmbean>
| </mbean>
| </server>
|
Everything seems to work well and my policy provider is really called -- at least `getPermission' calls get to it. If I understand the framework correctly, then your delegating policy should not be used anymore. Am I right? I see that your delegating policy also implements `implies' method. I'm most curious under which circumstances it is called by the container.
anonymous wrote :
| What JVM (vendor/version) are you using?
I'm using this platform (SunOS/JDK):
| $ java -version
| java version "1.6.0_03"
| Java(TM) SE Runtime Environment (build 1.6.0_03-b05)
| Java HotSpot(TM) Server VM (build 1.6.0_03-b05, mixed mode)
| $ uname -a
| SunOS silence 5.11 snv_79a i86pc
| $
|
and also I'm using jboss-4.2.3.GA-jdk16 together with it.
Thanks,
Karel
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4206803#4206803
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4206803
More information about the jboss-user
mailing list