Subject.doAs problem

Posted By:   Amir_Pashazadeh
Posted On:   Wednesday, November 5, 2003 03:10 PM


Hi


I face a problem using JAAS. These are my source codes; most of the classes just have enough code to run, and do nothing at all:



LoggedPolicy.java

This class is just a java.security.Policy wrapper, so I can see some messages on the console during invocation of the Policy methods.

			
package spike.jaas;

import java.security.*;

public class LoggedPolicy extends Policy {

    public LoggedPolicy(Policy originalPolicy) {
        this.originalPolicy = originalPolicy;
    }

    public PermissionCollection getPermissions(CodeSource codesource) {
        log("getPermission(CodeSource)");
        return originalPolicy.getPermissions(codesource);
    }

    public void refresh() {
        log("refresh()");
        originalPolicy.refresh();
    }

    public PermissionCollection getPermissions(ProtectionDomain domain) {
        log("getPermissions(ProtectionDomain)");
        return super.getPermissions(domain);
    }

    public boolean implies(ProtectionDomain domain, Permission permission) {
        boolean result = super.implies(domain, permission);
        // Log the principals attached to the domain being checked.
        Principal[] principals = domain.getPrincipals();
        if (principals == null || principals.length == 0) {
            log("no principals!");
        }
        for (int i = 0; i < principals.length; i++) {
            Principal principal = principals[i];
            log(" Principal " + i + " = " + principal);
        }
        log("implies(ProtectionDomain, Permission) = " + result + "\n");
        return result;
    }

    private void log(String msg) {
        System.out.println("LoggedPolicy: " + msg);
    }

    private Policy originalPolicy;
}



SimpleLoginModule.java

This class just accepts any login tasks.

			
package spike.jaas;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import java.util.Map;

public class SimpleLoginModule implements LoginModule {
    private Subject subject;

    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map sharedState, Map options) {
        this.subject = subject;
    }

    public boolean login() throws LoginException {
        return true;
    }

    public boolean commit() throws LoginException {
        subject.getPrincipals().add(new SimplePrincipal());
        return true;
    }

    public boolean abort() throws LoginException {
        return true;
    }

    public boolean logout() throws LoginException {
        subject.getPrincipals().clear();
        return true;
    }
}


SimplePermission.java

			
package spike.jaas;

import java.security.BasicPermission;

public class SimplePermission extends BasicPermission {
    public SimplePermission(String name) {
        super(name);
    }

    public SimplePermission(String name, String actions) {
        super(name, actions);
    }
}


SimplePrincipal.java

			
package spike.jaas;

import java.security.Principal;

public class SimplePrincipal implements Principal {
    public String getName() {
        return "name";
    }

    public String toString() {
        return "SimplePrincipal - " + getName();
    }
}


Main.java

			
package spike.jaas;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.security.*;

public class Main {
    public static void main(String[] args) throws LoginException {
        Policy original = Policy.getPolicy();
        LoggedPolicy loggedPolicy = new LoggedPolicy(original);
        Policy.setPolicy(loggedPolicy);

        Security.setProperty("login.config.url.1", "file:g:/projects/jaas-spike/login.rule");

        doTask();
    }

    private static void doTask() throws LoginException {
        LoginContext loginContext = new LoginContext("Sample");

        loginContext.login();

        Subject subject = loginContext.getSubject();

        final Permission permission = new SimplePermission("permission");

        Subject.doAs(subject, new PrivilegedAction() {
            public Object run() {

                //Subject subject = Subject.getSubject(AccessController.getContext());
                SecurityManager securityManager = System.getSecurityManager();
                if (securityManager == null) {
                    securityManager = new SecurityManager();
                }

                securityManager.checkPermission(permission);
                return null;
            }
        });
    }
}


Additions to the java.policy grants

			
grant {
    permission java.security.SecurityPermission "getPolicy";
    permission java.security.SecurityPermission "setPolicy";
    permission java.security.SecurityPermission "setProperty.login.config.url.1";
    permission javax.security.auth.AuthPermission "createLoginContext.Sample";
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission javax.security.auth.AuthPermission "doAs";
    permission javax.security.auth.AuthPermission "getSubject";
};

grant principal spike.jaas.SimplePrincipal "name" {
    permission spike.jaas.SimplePermission "permission";
};


When I run the program I get a security exception; if I comment out the red part in the grants, the program runs without any problem, so it seems that Subject.doAs() doesn't work as it should.
I wanted to check it further, so if I uncomment the red line of code in Main.java and print its Principals, there exists a SimplePrincipal in the subject's principals, but in LoggedPolicy "no principals" is logged every time!


What's wrong with my code, and how can I make it work?


Amir Pashazadeh


Re: Subject.doAs problem

Posted By:   Amir_Pashazadeh  
Posted On:   Sunday, November 16, 2003 07:32 AM

Hi


By changing Subject.doAs to Subject.doAsPrivileged (with a null AccessControlContext), things are now much better.

Now when I check the principals in LoggedPolicy I see SimplePrincipal, but still no SimplePermission associated to it. :(

Has anyone granted special permission to a special principal in policy file?


Amir Pashazadeh
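
An added example, not part of the original posts and not the poster's code: the base java.security.Policy answers getPermissions(ProtectionDomain) and implies() from getPermissions(CodeSource), so a wrapper that calls super for those two methods never consults the wrapped policy about the domain's principals. The sketch below compares that wrapper shape with one that forwards every call; PrincipalAwarePolicy, both wrapper classes, the lambda principal and the RuntimePermission are constructed stand-ins, and it assumes a JDK (Java 8 or later) that still ships the classic Policy API.

```java
import java.security.*;

public class DelegatingPolicyDemo {
    // Constructed stand-in for the policy-file provider: grants the permission
    // only to domains that carry a principal (like "grant principal ... { }").
    static class PrincipalAwarePolicy extends Policy {
        @Override public PermissionCollection getPermissions(CodeSource cs) {
            return new Permissions();            // nothing granted by code source alone
        }
        @Override public PermissionCollection getPermissions(ProtectionDomain pd) {
            Permissions perms = new Permissions();
            if (pd.getPrincipals().length > 0) perms.add(new RuntimePermission("permission"));
            return perms;
        }
        @Override public boolean implies(ProtectionDomain pd, Permission p) {
            return getPermissions(pd).implies(p);
        }
    }

    // Same shape as the thread's LoggedPolicy: domain-level calls fall through
    // to the base class, which only asks getPermissions(CodeSource).
    static class SuperCallingWrapper extends Policy {
        final Policy original;
        SuperCallingWrapper(Policy original) { this.original = original; }
        @Override public PermissionCollection getPermissions(CodeSource cs) {
            return original.getPermissions(cs);
        }
    }

    // Hypothetical corrected wrapper: every call is forwarded to the wrapped policy.
    static class DelegatingWrapper extends SuperCallingWrapper {
        DelegatingWrapper(Policy original) { super(original); }
        @Override public PermissionCollection getPermissions(ProtectionDomain pd) {
            return original.getPermissions(pd);
        }
        @Override public boolean implies(ProtectionDomain pd, Permission p) {
            return original.implies(pd, p);
        }
        @Override public void refresh() { original.refresh(); }
    }

    public static void main(String[] args) {
        Principal who = () -> "name";            // constructed principal
        ProtectionDomain pd = new ProtectionDomain(null, null, null, new Principal[] { who });
        Permission perm = new RuntimePermission("permission"); // stand-in for SimplePermission
        Policy base = new PrincipalAwarePolicy();
        System.out.println("super-calling: " + new SuperCallingWrapper(base).implies(pd, perm));
        System.out.println("delegating:    " + new DelegatingWrapper(base).implies(pd, perm));
    }
}
```

The demo installs nothing with Policy.setPolicy and needs no security manager; it only calls implies() on a hand-built ProtectionDomain.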
