I have a problem with a Java WS application that use Jaas authentication through Jboss AS.
If I start the application from the command line (java -jar myApp.jar) it works just fine.
But if I load the application with the JNLP file I get an error like:
The application needs to access a java.policy and a jaas.config files that are located into the jar file.
I was browsing and I was trying many different solutions like:
-adding a property tag under resources in the JNLP file doesn't seem to have any effect
-adding a security tag. Doesn't do anything. (but I have read somewhere that in that case the jar file needs to be signed...)
-here is how I load up the files into my java code
I was trying also to deploy my application jar into the server without the jaas.config and the java.policy and it gives me the same error about ava.security.AccessControlException etc....
So for this reason I think it should not be anything wrong in those 2 files, but the wrong thing seems to be how to load those files through Java Web Start.
Anyway here it is the context of the 2 files:
Does anybody has an idea about how to make those 2 files recognized by the java web start?
WebStart applications (like applets) are governed by the use of a security manager that forbids a number of action, apparently including access to the java.security.auth.login.config system property.
What are you trying to achieve by including a policy file in the jar file? A WebStart application doesn't get to specify its own security. If you need it to do something that's normally forbidden, then it needs to be signed.
The main problem was to load the jaas.config for the authentication so for this reason I was thinking about to load the policy file to give the permissions to the application to read the jaas.config file.
Now I was doing one more test: I was trying to remove the java.policy and deploy the application with the jaas.config file only. In that way it works from the command line as before but not from WebStart, so that means that the java policy maybe not needed at all.
Do you think that if I'll sign the jar file then I'll be able to read the jaas.config?
Is there any practice that I'm missing to load that Jaas file?
Thanks in advance
Joined: Mar 22, 2005
An unsigned application/applet can not elevate its own privileges, and a signed app/applet does not need to do that, since it has all privileges already.
So the only way to achieve what you're trying to do is to sign the app, and once you do that, there's no longer a need to elevate its privileges...
Please fix your display name before your next post, like I asked you to do, or the account will be closed.
Joined: Jun 27, 2009
I'm having some troubles in signing the jar.
Most of the guides that I have found out told me to do that:
Then I have re-uploaded the my-application.jar on the server. and once I launch the JNLP, it recognize the file change, so ti downloads the file again... but nothing changes. it doesn't ask for any authorizations and it ends with the same error.
I was also trying changing the algorithm
but I obtained the same results... nothing change
What is wrong with that procedure? Am I not allowed to use "home-made" certificate?