JNDI and ServletExec

Mon, 26 Jul 1999 08:17:36 -0700 

I have already sent this question to New Atlanta, but I thought that it
would also be of interest to the members of this list.

I am trying to use the JNDI extension with the LDAP service provider in a
servlet.  The problem is that if the servlet engine has to re-load the
servlet, I will get a security exception:

NamingException: javax.naming.NoInitialContextException: Cannot instantiate
class: com.sun.jndi.ldap.LdapCtxFactory [Root exception is
java.security.AccessControlException: access denied
(java.lang.RuntimePermission getClassLoader )]

I have tried to set the VM permissions as directed (even though the jar
files are located in the ext directory) in the jndi-ext.html and
ldap-ext.html files included in the JNDI1_2.zip and ldap1_2.zip archives,
but they are somewhat vague, and may not address the issue of using the
ServletExec class loader.

Here are the permissions I have set:

grant codeBase "file:${java.home}/lib/ext/jndi.jar" {
  permission java.util.PropertyPermission "java.naming.factory.initial",
"read";
  permission java.util.PropertyPermission "java.naming.factory.object",
"read";
  permission java.util.PropertyPermission "java.naming.factory.url.pkgs",
"read";
  permission java.util.PropertyPermission "java.naming.factory.state",
"read";
  permission java.util.PropertyPermission "java.naming.factory.control",
"read";
  permission java.util.PropertyPermission "java.naming.provider.url",
"read";
  permission java.util.PropertyPermission "java.naming.dns.url", "read";
  permission java.lang.RuntimePermission "getClassLoader";
};

grant codeBase "file:${java.home}/lib/ext/ldapbp.jar" {
  permission java.lang.RuntimePermission "getClassLoader";
};

grant codeBase "file:${java.home}/lib/ext/ldap.jar" {
  permission java.lang.RuntimePermission "getClassLoader";
};

grant codeBase "file:${java.home}/lib/ext/providerutil.java" {
  permission java.lang.RuntimePermission "getClassLoader";
};

Here are the specs:

jdk1.2 Solaris
Solaris 2.6
SerlvetExec 2.1
JNDI 2.1

Any help would be greatly appreciated.

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

Reply via email to