
Problems with JAAS and authorizing URLS

Christian Rapp - 20 Nov 2003 14:22 GMT
Hi,

I just found your URLPermission implementation. I thought I did everything
right, but I get
AccessControlException: : access denied de.fhf.wintra.authorization.URLPermission,/wintra/register.do
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
    at java.security.AccessController.checkPermission(AccessController.java:401)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
    at de.fhf.wintra.authorization.AuthUtils$1.run(AuthUtils.java:69)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
    at de.fhf.wintra.authorization.AuthUtils.permitted(AuthUtils.java:65)
    at de.fhf.wintra.login.connect.WintraAuthenticationFilter.doFilter(WintraAuthenticationFilter.java:197)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2416)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
    at java.lang.Thread.run(Thread.java:534)

The exception is thrown at
sm.checkPermission(perm) of the following code snippet.

try
{
    Subject.doAsPrivileged(sub, new PrivilegedExceptionAction()
    {
        public Object run()
        {
            sm.checkPermission(perm);
            Tracer.debug("SecurityContext=" + sm.getSecurityContext().toString());
            return null;
        }
        //the 'null' tells the SecurityManager to consider this resource access
        //in an isolated context, ignoring the permissions of code currently
        //on the execution stack.
        //For further information, see chapter 5 of Java Security.
    }, null);
    Tracer.info("access granted");
    return true;
}
catch (AccessControlException ace)
{
    Tracer.error("access denied", ace);
    return false;
}
catch (PrivilegedActionException pae)
{
    Tracer.error("access denied", pae);
    return false;
}

My policy-file looks like this:

grant Principal com.tagish.auth.TypedPrincipal "student"
{
    permission de.fhf.wintra.authorization.URLPermission "/wintra/main.do";
}

The subject has the principal 'student'

I know that the policy file is read, because if I make a mistake in it
removing '{' for instance, I get an error as well.

The URL I want to have access to looks like this:
http://localhost:8080/wintra/main.do

I am using Tomcat 4.1.27 and Struts 1.0. All other classes needed are
described here: http://www.theserverside.com/resources/article.jsp?l=JAAS

Can anyone help me please?

Signature

"The hardest thing about an idea is not having it, but recognizing
whether it is good." Chris Howland (*1928), English entertainer

Christian Rapp - 28 Nov 2003 12:23 GMT
Solved it:

The problem was:

I loaded my custom policy file during start-up of my Tomcat application. But
the policy file wasn't merged into the static Policy object. To do this, you
need to call Policy.refresh().

Then it worked.

Greets
Christian

Mike Luff - 20 Feb 2005 17:04 GMT
Where did you call the Policy.refresh() from?
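
The behaviour described in the thread, as an added example that is not code from any of the posters: a policy file registered after the JVM's Policy object has been initialised grants nothing until Policy.getPolicy().refresh() re-reads the policy locations. Assumptions: the file is registered through the java.security.policy system property; UrlPermission and the X500Principal "CN=student" are hypothetical stand-ins for the poster's URLPermission and TypedPrincipal; the JDK still has a working Policy API (deprecated for removal in JDK 17, Security Manager permanently disabled in JDK 24).

```java
import java.io.File;
import java.io.FileWriter;
import java.security.BasicPermission;
import java.security.CodeSource;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import javax.security.auth.x500.X500Principal;

public class PolicyRefreshDemo {
    // Hypothetical stand-in for the poster's de.fhf.wintra.authorization.URLPermission.
    public static final class UrlPermission extends BasicPermission {
        public UrlPermission(String url) { super(url); }
    }

    // Asks the installed Policy the same question that Subject.doAsPrivileged +
    // checkPermission asks for a Subject holding this principal.
    static boolean permitted(Principal who, String url) {
        ProtectionDomain pd = new ProtectionDomain(
                new CodeSource(null, (Certificate[]) null), null, null,
                new Principal[] { who });
        return Policy.getPolicy().implies(pd, new UrlPermission(url));
    }

    public static void main(String[] args) throws Exception {
        Principal student = new X500Principal("CN=student"); // constructed principal
        Policy.getPolicy(); // stands for the container having initialised the Policy already

        // Constructed policy file, registered only after the JVM is up.
        File f = File.createTempFile("wintra", ".policy");
        f.deleteOnExit();
        try (FileWriter w = new FileWriter(f)) {
            w.write("grant Principal javax.security.auth.x500.X500Principal \"CN=student\" {\n"
                  + "  permission " + UrlPermission.class.getName() + " \"/wintra/main.do\";\n"
                  + "};\n");
        }
        System.setProperty("java.security.policy", f.getAbsolutePath());

        System.out.println("before refresh: " + permitted(student, "/wintra/main.do"));
        Policy.getPolicy().refresh(); // re-reads the configured policy locations
        System.out.println("after refresh:  " + permitted(student, "/wintra/main.do"));
        System.out.println("other URL:      " + permitted(student, "/wintra/register.do"));
    }
}
```

The last line checks /wintra/register.do, the URL named in the stack trace, against a grant that lists only /wintra/main.do; a BasicPermission name without a wildcard matches that exact string only.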

