[jboss-user] [Security & JAAS/JBoss] - Re: JAAS Policy File with JBOSS - Please Help!

Wed, 12 Dec 2007 08:27:08 -0800 

I have now added the following line to the JAVA_OPTS section of run.bat


  | -Djava.security.manager -Djava.security.policy=server.policy
  | 

Next time I started JBoss I received the following error:


  | Failed to boot JBoss:
  | java.security.AccessControlException: access denied 
(java.util.PropertyPermission * read,write) at 
java.security.AccessControlContext.checkPermission(AccessControlConte
  | xt.java:264)
  |         at 
java.security.AccessController.checkPermission(AccessController.java:
  | 427)
  |         at 
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
  |         at 
java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:
  | 1252)
  |         at java.lang.System.getProperties(System.java:561)
  |         at org.jboss.Main.<init>(Main.java:86)
  |         at org.jboss.Main$1.run(Main.java:489)
  |         at java.lang.Thread.run(Thread.java:595)
  | 

I solved this problem by placing the following in the server.policy file 
(which, for convenience, is currently placed in the bin directory).


  | grant {
  | permission java.security.AllPermission;
  | }; 
  | 

So now my server starts.  Great, I now know the the server.policy in the bin 
directory is being taken notice of.  If I now put application specific 
permissions in the policy file like so:


  | grant {
  | permission java.security.AllPermission;
  | }; 
  | 
  | grant Principal com.ftid.custadmin.security.ClientAdminPrincipal 
"view_customer" {
  |     permission  com.ftid.custadmin.security.ViewIdPermission 
"/client/clientsView.*";
  |     permission  com.ftid.custadmin.security.ViewIdPermission 
"/client/clientLandingPage.*";
  | };
  | 
  | grant Principal com.ftid.custadmin.security.ClientAdminPrincipal 
"view_update_customer" {
  |     permission  com.ftid.custadmin.security.ViewIdPermission 
"/client/clientEdit.*";
  | };
  | 

It doesn't work, my application deployed onto JBoss simply gives access to all 
my subjects, no matter what principles they have assigned.  

Does anybody know how to get the application specific principal permissions 
loaded into the JBoss SecurityManager??

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4112295#4112295

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4112295
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user

Reply via email to