• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

JAAS and Policy files problems

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello everybody,

I have a problem with a Java WS application that use Jaas authentication through Jboss AS.
If I start the application from the command line (java -jar myApp.jar) it works just fine.
But if I load the application with the JNLP file I get an error like:

The application needs to access a java.policy and a jaas.config files that are located into the jar file.

I was browsing and I was trying many different solutions like:

-adding a property tag under resources in the JNLP file doesn't seem to have any effect

-adding a security tag. Doesn't do anything. (but I have read somewhere that in that case the jar file needs to be signed...)

-here is how I load up the files into my java code

I was trying also to deploy my application jar into the server without the jaas.config and the java.policy and it gives me the same error about ava.security.AccessControlException etc....
So for this reason I think it should not be anything wrong in those 2 files, but the wrong thing seems to be how to load those files through Java Web Start.
Anyway here it is the context of the 2 files:

jaas.config

java.policy

Does anybody has an idea about how to make those 2 files recognized by the java web start?

Thanks in advance to anybody who will help me
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
WebStart applications (like applets) are governed by the use of a security manager that forbids a number of action, apparently including access to the java.security.auth.login.config system property.

What are you trying to achieve by including a policy file in the jar file? A WebStart application doesn't get to specify its own security. If you need it to do something that's normally forbidden, then it needs to be signed.
 
Luke Mero
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The main problem was to load the jaas.config for the authentication so for this reason I was thinking about to load the policy file to give the permissions to the application to read the jaas.config file.
Now I was doing one more test: I was trying to remove the java.policy and deploy the application with the jaas.config file only. In that way it works from the command line as before but not from WebStart, so that means that the java policy maybe not needed at all.

Do you think that if I'll sign the jar file then I'll be able to read the jaas.config?
Is there any practice that I'm missing to load that Jaas file?

Thanks in advance
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
An unsigned application/applet can not elevate its own privileges, and a signed app/applet does not need to do that, since it has all privileges already.

So the only way to achieve what you're trying to do is to sign the app, and once you do that, there's no longer a need to elevate its privileges...

Please fix your display name before your next post, like I asked you to do, or the account will be closed.
 
Luke Mero
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm having some troubles in signing the jar.
Most of the guides that I have found out told me to do that:

Then I have re-uploaded the my-application.jar on the server. and once I launch the JNLP, it recognize the file change, so ti downloads the file again... but nothing changes. it doesn't ask for any authorizations and it ends with the same error.
I was also trying changing the algorithm

but I obtained the same results... nothing change

What is wrong with that procedure? Am I not allowed to use "home-made" certificate?
reply
    Bookmark Topic Watch Topic
  • New Topic