I am novice to JAAS and need some help with following issue. Any help in this matter would be highly appreciated.
I have created a Custom Policy class which extends java.security.Policy for doing customized Authorisation. I override the Default JVM Policy (PolicyFile) with my Custom Policy on JVM in programmatic manner as follows:
My Custom Policy is packaged inside a JAR file (customAuthorisation.jar). I have 2 web applications which need the same Custom Policy for Authorisation. The corresponding war files for both the web applications are bundled inside an EAR file. Since both the web applications make use of customAuthorisation.jar, I have marked our customAuthorisation.jar as Common JAR file according to EAR packaging format.
My �java.policy� file contains only following entry:
I deploy the EAR in Jboss-4.0.5.GA.
Now when I execute the web application, I see my Custom Policy not getting executed even though it�s set to JVM properly. I tried to dig more & found that, since customAuthorisation.jar is Packaged as Common JAR, it�s also honored with AllPermission. Due to which the equivalent ProtectionDomain�s (for classes in customAuthorisation.jar) �hasAllPerm� member variable is set to TRUE. Following is the code of implies method of ProtectionDomain class which clearly indicates that if �hasAllPerm� is set to TRUE then DO NOT EXECUTE THE JVM POLICY & SILENTLY RETURN BACK.
Now I do understand the problem but don�t know what�s the right solution to this problem. I tried a few alternatives in �java.policy� but it didn�t work: