[jboss-user] [Security & JAAS/JBoss] - Re: JBoss 4.2.3: non-compliant behavior of JACC implementati

kcg do-not-reply at jboss.com
Wed Feb 4 02:25:41 EST 2009


"anil.saldhana at jboss.com" wrote : http://anonsvn.jboss.org/repos/jbossas/branches/Branch_4_2/security/src/main/org/jboss/security/jacc/DelegatingPolicy.java
  | 
  | That is the JACC policy we use.  
  | 
  | 
  |   | public PermissionCollection getPermissions(ProtectionDomain domain)
  |   |    {
  |   |       PermissionCollection pc = super.getPermissions(domain);
  |   |       PermissionCollection delegated = delegate.getPermissions(domain);
  |   |       for (Enumeration e = delegated.elements(); e.hasMoreElements();)
  |   |       {
  |   |          Permission p = (Permission) e.nextElement();
  |   |          pc.add(p);
  |   |       }
  |   |       return pc;
  |   |    }
  |   | 
  | 

Hello Anil,

I see, but I don't understand how is this related to my issue. I'm porting already existing JACC provider to JBoss. I set appropriate system property in property-service.xml:

  |       javax.security.jacc.policy.provider=com.example.jacc.Policy
  | 
I'm also declaring dependency of JACC service on property service in jacc-service.xml in order to get the system policy into the JACC service (otherwise JACC service is initialized before property service and hence cannot obtain the property):

  | <?xml version="1.0" encoding="UTF-8"?> 
  | <server>
  |   <!-- JACC security manager and realm mapping -->
  |   <mbean code="org.jboss.security.jacc.SecurityService"
  |     name="jboss.security:service=JACCSecurityService" xmbean-dd="">
  |         <depends>jboss:type=Service,name=SystemProperties</depends>
  |     <xmbean>
  |       <description>The JACC security Policy service</description>
  |       <operation>
  |         <description>The start lifecycle operation</description>
  |         <name>start</name>
  |       </operation>
  |       <operation>
  |         <description>The stop lifecycle operation</description>
  |         <name>stop</name>
  |       </operation>
  |     </xmbean>
  |   </mbean>
  | </server>
  | 

Everything seems to work well and my policy provider is really called -- at least `getPermission' calls get to it. If I understand the framework correctly, then your delegating policy should not be used anymore. Am I right? I see that your delegating policy also implements `implies' method. I'm most curious under which circumstances it is called by the container.
anonymous wrote : 
  | What JVM (vendor/version) are you using?
I'm using this platform (SunOS/JDK):

  | $ java -version
  | java version "1.6.0_03"
  | Java(TM) SE Runtime Environment (build 1.6.0_03-b05)
  | Java HotSpot(TM) Server VM (build 1.6.0_03-b05, mixed mode)
  | $ uname -a
  | SunOS silence 5.11 snv_79a i86pc
  | $ 
  | 
and also I'm using jboss-4.2.3.GA-jdk16 together with it.

Thanks,
Karel


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4206803#4206803

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4206803



More information about the jboss-user mailing list