aspose file tools*
The moose likes JNLP and Web Start and the fly likes JAAS and Policy files problems Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JNLP and Web Start
Bookmark "JAAS and Policy files problems" Watch "JAAS and Policy files problems" New topic
Author

JAAS and Policy files problems

Luke Mero
Greenhorn

Joined: Jun 27, 2009
Posts: 3
Hello everybody,

I have a problem with a Java WS application that use Jaas authentication through Jboss AS.
If I start the application from the command line (java -jar myApp.jar) it works just fine.
But if I load the application with the JNLP file I get an error like:

The application needs to access a java.policy and a jaas.config files that are located into the jar file.

I was browsing and I was trying many different solutions like:

-adding a property tag under resources in the JNLP file doesn't seem to have any effect

-adding a security tag. Doesn't do anything. (but I have read somewhere that in that case the jar file needs to be signed...)

-here is how I load up the files into my java code

I was trying also to deploy my application jar into the server without the jaas.config and the java.policy and it gives me the same error about ava.security.AccessControlException etc....
So for this reason I think it should not be anything wrong in those 2 files, but the wrong thing seems to be how to load those files through Java Web Start.
Anyway here it is the context of the 2 files:

jaas.config

java.policy

Does anybody has an idea about how to make those 2 files recognized by the java web start?

Thanks in advance to anybody who will help me
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41509
    
  53
WebStart applications (like applets) are governed by the use of a security manager that forbids a number of action, apparently including access to the java.security.auth.login.config system property.

What are you trying to achieve by including a policy file in the jar file? A WebStart application doesn't get to specify its own security. If you need it to do something that's normally forbidden, then it needs to be signed.


Ping & DNS - my free Android networking tools app
Luke Mero
Greenhorn

Joined: Jun 27, 2009
Posts: 3
The main problem was to load the jaas.config for the authentication so for this reason I was thinking about to load the policy file to give the permissions to the application to read the jaas.config file.
Now I was doing one more test: I was trying to remove the java.policy and deploy the application with the jaas.config file only. In that way it works from the command line as before but not from WebStart, so that means that the java policy maybe not needed at all.

Do you think that if I'll sign the jar file then I'll be able to read the jaas.config?
Is there any practice that I'm missing to load that Jaas file?

Thanks in advance
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41509
    
  53
An unsigned application/applet can not elevate its own privileges, and a signed app/applet does not need to do that, since it has all privileges already.

So the only way to achieve what you're trying to do is to sign the app, and once you do that, there's no longer a need to elevate its privileges...

Please fix your display name before your next post, like I asked you to do, or the account will be closed.
Luke Mero
Greenhorn

Joined: Jun 27, 2009
Posts: 3
I'm having some troubles in signing the jar.
Most of the guides that I have found out told me to do that:

Then I have re-uploaded the my-application.jar on the server. and once I launch the JNLP, it recognize the file change, so ti downloads the file again... but nothing changes. it doesn't ask for any authorizations and it ends with the same error.
I was also trying changing the algorithm

but I obtained the same results... nothing change

What is wrong with that procedure? Am I not allowed to use "home-made" certificate?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: JAAS and Policy files problems