Custom Policy Setting, JBoss, EAR deployment issue

Posted By:   Keya_Vibhakar
Posted On:   Thursday, June 26, 2008 06:47 AM


I am a novice to JAAS and need some help with the following issue.
Any help in this matter would be highly appreciated.

Problem Description

I have created a Custom Policy class which extends java.security.Policy for doing customized Authorisation. I override the Default JVM Policy (PolicyFile) with my Custom Policy on the JVM in a programmatic manner as follows:

    CustomPolicy c = new CustomPolicy();
    Policy.setPolicy(c);

My Custom Policy is packaged inside a JAR file (customAuthorisation.jar). I have 2 web applications which need the same Custom Policy for Authorisation. The corresponding war files for both the web applications are bundled inside an EAR file. Since both the web applications make use of customAuthorisation.jar, I have marked our customAuthorisation.jar as a Common JAR file according to the EAR packaging format.

My “java.policy” file contains only the following entry:

    grant {
        permission java.security.AllPermission;
    };

I deploy the EAR in JBoss-4.0.5.GA.

Now when I execute the web application, I see that my Custom Policy is not getting executed even though it’s set on the JVM properly. I tried to dig more and found that, since customAuthorisation.jar is packaged as a Common JAR, it’s also honored with AllPermission, due to which the equivalent ProtectionDomain’s (for classes in customAuthorisation.jar) “hasAllPerm” member variable is set to TRUE. The following is the code of the implies method of the ProtectionDomain class, which clearly indicates that if “hasAllPerm” is set to TRUE then DO NOT EXECUTE THE JVM POLICY & SILENTLY RETURN BACK.


    public boolean implies(Permission permission) {

        if (hasAllPerm) {
            // internal permission collection already has AllPermission -
            // no need to go to policy
            return true;
        }

        if (!staticPermissions &&
            Policy.getPolicyNoCheck().implies(this, permission))
            return true;
        if (permissions != null)
            return permissions.implies(permission);

        return false;
    }



Now I do understand the problem but don’t know what the right solution to this problem is. I tried a few alternatives in “java.policy” but they didn’t work:


grant CodeBase "file:/C:/jboss-4.0.5.GA/server/default/deploy/myApp.ear/*.jar" {
};
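
The short-circuit described in the post can be reproduced outside JBoss. The following is an added example, not part of the original post: it installs a counting policy and calls ProtectionDomain.implies on two hand-built domains, one whose static permissions include AllPermission and one with none. HasAllPermDemo, CountingPolicy, domainWith, the code source URL and the permission name are hypothetical, and it assumes a JDK of the post's era (for example Java 8) where java.security.Policy is still functional.

```java
import java.net.URL;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class HasAllPermDemo {

    // Hypothetical stand-in for the post's CustomPolicy: denies everything and counts calls.
    static class CountingPolicy extends Policy {
        int calls = 0;

        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            calls++;
            return false;
        }
    }

    // Builds a domain by hand; the permissions passed in become its static grants.
    static ProtectionDomain domainWith(Permissions staticPerms) throws Exception {
        CodeSource cs = new CodeSource(
                new URL("file:/constructed/customAuthorisation.jar"), (Certificate[]) null);
        // Four-argument constructor: staticPermissions is false, so the policy may be consulted.
        return new ProtectionDomain(cs, staticPerms, null, null);
    }

    public static void main(String[] args) throws Exception {
        CountingPolicy policy = new CountingPolicy();
        Policy.setPolicy(policy); // no SecurityManager installed, so no permission check here
        Permission probe = new RuntimePermission("demo.probe"); // constructed permission name

        // Case 1: static permissions contain AllPermission, so hasAllPerm is set at construction.
        Permissions all = new Permissions();
        all.add(new AllPermission());
        boolean viaAllPerm = domainWith(all).implies(probe);
        System.out.println("AllPermission domain: implies=" + viaAllPerm
                + ", policy calls=" + policy.calls);

        // Case 2: no static AllPermission, so implies() falls through to the installed policy.
        policy.calls = 0;
        boolean viaPolicy = domainWith(new Permissions()).implies(probe);
        System.out.println("Empty domain: implies=" + viaPolicy
                + ", policy calls=" + policy.calls);
    }
}
```

Comparing the call counter between the two cases shows whether a given domain ever reaches the custom policy, which is a quick check to run before relying on that policy for authorisation decisions.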


