Integrating java security API with host OS

Thread view:

Boris Bralo - 27 Jan 2004 13:16 GMT

Hi all

I'd like to check if some user can access some file.
This is code snippet (exception handling ommited):
public static void main(String[] args) {

Subject s = new Subject();

// AD is configured kerberos login context

LoginContext lc = new LoginContext("AD",s,new TextCallbackHandler());

lc.login();

File f = new File("C:\\bin");

System.out.println("I " + (f.canRead() ?"can":"can not" ) + "read" );

Subject.doAsPrivileged(s, new PrivilegedAction() {

public Object run() {

File f = new File("C:\\bin");

System.out.println("You " + f.canRead());

return null;

}

},null);

}

I managed to logon onto Active Directory OK, but both File.canRead() fails
when snippet is ran with java -Djava.security.manager and pass when ran
without -D....,
regardless of login success.

Any ideas?

---

Boris

Reply to this Message

Boris Bralo - 16 Feb 2004 12:38 GMT

Hi all,
I've done some research since initial posting and discovered
that I'm on my own and I'll have to wrap native API.

I think that's shame, beacuse java security infrastructure has
very good and complete authentication. For authorization,
you're left with policy file.

Is there a JCP for this ?

I don't belive that this isn't scratching the itch since, during my
research, I've see all kinds of wierd solutions for this problem. For
example, BEA uses System.exec() to spawn little utility executable named
wlauth to check permission on host OS. I'm trying to build an app for very
high traffic site, and I'll be so fired if I suggest something like that

:-).

---

Boris

> Hi all
>
[quoted text clipped - 40 lines]
>
> Boris

Reply to this Message

Integrating java security API with host OS

Free Magazines