Forum Stats

  • 3,814,249 Users
  • 2,258,850 Discussions
  • 7,892,636 Comments

Discussions

How set Policy.Provider to be your class?

843811
843811 Member Posts: 49,851
I have made a class EJBPolicy that extends java.security.Policy (i'm using jdk1.4), and overrides the abstract methods. Then in my java.home folder, I changed the file "java.security" so the property "policy.provider" now reads "EJBPolicy". I also changed the "java.security" file in my installation folder (just to be sure). I do not have that file in "user.home". I also added the EJBPolicy to the classpath (added both the folder it is in, as well as the file itself). Then I ran my application like this:
java -classpath D:\JAAS;D:\JAAS\M -Djava.security.manager -Djava.security.auth.login.config=jaas.conf -Djava.security.policy=jaasazn.policy JaasAzn

The "jaasazn.policy" file gives me the ability to get/set the Policy. I added a method to my policy class called getName(), which returns "EJBPolicy". However, when I do this in my app:
System.out.println(((EJBPolicy)thePolicy).getName());
it results in the error:
java.lang.ClassCastException: sun.security.provider.PolicyFile

If I call Policy.setPolicy() and set it to my class EJBPolicy, then it works. But I thought I was able to make my class the default polciy class. What am I doing wrong?

Comments

  • 843811
    843811 Member Posts: 49,851
    Hi,

    I am getting the same problem....i havent as yet tried to ...setPolicy() but i do see that its not loading the indicated policy class -- even tho the property is correctly retrieved....

    Also -- just removing the java.security file or totally commenting out the policy.* properties has no effect -- it always loads the default provider. Also seems to be true with the older 1.2.2 -- seems to me - there must be another catch to installing your provider that is not explained in the oft-repeated lines (atleast in 3 books and many other articles...)
    -- "...enable this new policy class, just edit the policy.provider entry in your java.security file..."

    Here's output of some tests from running of a simple app that
    a) retrieves the system property "policy.provider"
    b) retrieves the current policy object (Policy.getPolicy()) and checks the class name
    c) opens a simple text file (testpolicy.txt) and prints out its contents
    [...by changing OS permissions on the file i can produce 'access denied']

    Summary:
    - in all cases the policy.provider is retruned with the right class name
    - If -Djava.security.manager is supplied on the command line -- access to the "policy.provider" property is denied and an exception is thrown by getPolicy() [since app has no special permissions]
    ** but in all cases the sun.security.provider.PolicyFile class is loaded and being used *** shown by the -verbose option.

    .... if anyone has the anwser handy as to what is (not) being done - please post it....thanks.

    Test 1 -- with the file having no permission, and no -Djava.security.manager specified on cmdline

    --- Starting tests -- Here we go
    ==> Provider is set as com.....PolicyLSDB
    Policy is instantiated
    PolicyFile instance returned
    Tester: Cant find file
    ->testpolicy.txt (Access is denied)

    ----- ended test -- exiting

    Test 2 - with file having open permissions, but no -Djava.security.manager specified

    --- Starting tests -- Here we go
    ==> Provider is set as com.landmark.security.PolicyLSDB
    Policy is instantiated
    PolicyFile instance returned
    This is a test file for the Policy tester stuff
    This is a test file for the Policy tester stuff
    This is a test file for the Policy tester stuff
    This is a test file for the Policy tester stuff
    This is a test file for the Policy tester stuff
    This is a test file for the Policy tester stuff
    This is a test file for the Policy tester stuff

    ?
    ----- ended test -- exiting

    Test 3 - with -Djava.security.manager given on cmdline
    --- Starting tests -- Here we go
    ...property exception ==> access denied (java.security.SecurityPermission getProperty.policy.provider)
    Exception in thread "main" java.security.AccessControlException: access denied (java.security.SecurityPermission getPolicy)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.security.Policy.getPolicy(Unknown Source)
    at com.landmark.security.Testpolicy.main(Testpolicy.java:35)
  • 843811
    843811 Member Posts: 49,851
    Okay, got it to work -- the policy provider needs to be in the bootclasspath
    For 1.4 use the option -Xbootclasspath/a:<path-to-your-policy-class>
  • 843811
    843811 Member Posts: 49,851
    yeah, but when I do that it throws an "illegalaccessexception". Can you post your policy class's code so i can try it with yours? maybe mine is wrong?
  • 843811
    843811 Member Posts: 49,851
    got it to work! What I had to do was change the constructor to be public.
  • 843811
    843811 Member Posts: 49,851
    Can you suggest me how to define application specific permissions.I am trying to implement role based security by extending the Policy class.I would like to use currently existing security services provider.

    thanks

    Vijay

This discussion has been closed.