Win a copy of Escape Velocity: Better Metrics for Agile Teams this week in the Agile and Other Processes forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Tim Cooke
  • Paul Clapham
  • Jeanne Boyarsky
Sheriffs:
  • Ron McLeod
  • Frank Carver
  • Junilu Lacar
Saloon Keepers:
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Al Hobbs
  • Carey Brown
Bartenders:
  • Piet Souris
  • Frits Walraven
  • fred rosenberger

New JavaRanch Journal article: Authorization using JAAS

 
Rancher
Posts: 43028
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The latest issue of the JavaRanch Journal contains an article by Rahul Bhattacharjee on Authorization using JAAS. Go read it while it's fresh, and discuss it in this thread.
 
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Rahul,

Just wanted to one thing which is not clear from the example :

-The method changeJVMEncoding(Subject subject).

As i can see that the method is creating a anonymous inner class and declaring the method run, it is protecting the System.setProperty() method by using the JAAS framework.
Just wanted to ask that is there a way by which i can protect the System.setProperty() method itself instead of putting it in an authenticated wrapper?
Does JAAS provide something of this sort?
 
Bartender
Posts: 1638
IntelliJ IDE MySQL Database Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Rohit:
is there a way by which i can protect the System.setProperty() method itself instead of putting it in an authenticated wrapper?



As Rahul has mentioned in his article:

There are two sets of interesting methods - doAs and doAsPrivileged. The main purpose of these is to associate the authenticated subject with the the current AccessControlContext.



The only thing that code is doing is asking JAAS to check permissions for the user identity denoted by the subject.
Since, the subject is not automatically associated with the call stack, some piece of code has to tell JAAS as to who is the user who is trying to access this piece of code.

The actual permission check is done inside the method System.setProperty().

Hope this clears your doubt.
[ July 31, 2008: Message edited by: Nitesh Kant ]
 
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Rohit Garg:

Just wanted to ask that is there a way by which i can protect the System.setProperty() method itself instead of putting it in an authenticated wrapper?
Does JAAS provide something of this sort?



I guess your question has already been answered by Nitesh.The actual check is done in the method itself.

The method getProperty of System is already protected.Without granting appropriate permission to the code , you can not invoke this method.

Try running the following,



with security manager enabled.It would throw AccessControlException.(Note: No JAAS is involved here).The reason for this is that by default the policy file doesn't grant the following permission.

permission java.util.PropertyPermission "file.encoding", "read"

Now, if you grant your code the above mentioned permission then it would run just fine.
 
Rohit Garg
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks a tonne guys!!
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic