File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes Custom Policy Setting, Jboss, EAR deployment issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Custom Policy Setting, Jboss, EAR deployment issue " Watch "Custom Policy Setting, Jboss, EAR deployment issue " New topic

Custom Policy Setting, Jboss, EAR deployment issue

Beejal Vibhakar

Joined: Dec 07, 2003
Posts: 1
Hello Group,

I am novice to JAAS and need some help with following issue. Any help in this matter would be highly appreciated.

Problem Description

I have created a Custom Policy class which extends for doing customized Authorisation. I override the Default JVM Policy (PolicyFile) with my Custom Policy on JVM in programmatic manner as follows:

My Custom Policy is packaged inside a JAR file (customAuthorisation.jar). I have 2 web applications which need the same Custom Policy for Authorisation. The corresponding war files for both the web applications are bundled inside an EAR file. Since both the web applications make use of customAuthorisation.jar, I have marked our customAuthorisation.jar as Common JAR file according to EAR packaging format.

My �java.policy� file contains only following entry:

I deploy the EAR in Jboss-4.0.5.GA.

Now when I execute the web application, I see my Custom Policy not getting executed even though it�s set to JVM properly. I tried to dig more & found that, since customAuthorisation.jar is Packaged as Common JAR, it�s also honored with AllPermission. Due to which the equivalent ProtectionDomain�s (for classes in customAuthorisation.jar) �hasAllPerm� member variable is set to TRUE. Following is the code of implies method of ProtectionDomain class which clearly indicates that if �hasAllPerm� is set to TRUE then DO NOT EXECUTE THE JVM POLICY & SILENTLY RETURN BACK.

Now I do understand the problem but don�t know what�s the right solution to this problem. I tried a few alternatives in �java.policy� but it didn�t work:

I agree. Here's the link:
subject: Custom Policy Setting, Jboss, EAR deployment issue
It's not a secret anymore!