Principals ans permissions

Thread view:

EdUarDo - 17 Mar 2004 13:32 GMT

Has anyone granted special permission to a special principal in policy file?
It doesn't work for me at J2SDK 1.4.2. When I use Subject.doAs the permission is denied,
but if I use Subject.doAsPrivileged I ever get granted permission for anybody.

The source code is:

SimplePermission.java

package spike.jaas;

import java.security.BasicPermission;

public class SimplePermission extends BasicPermission {
public SimplePermission(String name) {
super(name);
}

public SimplePermission(String name, String actions) {
super(name, actions);
}
}

SimplePrincipal.java

package spike.jaas;

import java.security.Principal;

public class SimplePrincipal implements Principal {
public String getName() {
return "name";
}

public String toString() {
return "SimplePrincipal - " + getName();
}
}

Main.java

package spike.jaas;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.security.*;

public class Main {
public static void main(String[] args) throws LoginException {
Policy original = Policy.getPolicy();
LoggedPolicy loggedPolicy = new LoggedPolicy(original);
Policy.setPolicy(loggedPolicy);

Security.setProperty("login.config.url.1", "file:g:/projects/jaas-spike/login.rule");

doTask();
}

private static void doTask() throws LoginException {
LoginContext loginContext = new LoginContext("Sample");

loginContext.login();

Subject subject = loginContext.getSubject();

final Permission permission = new SimplePermission("permission");

Subject.doAs(subject, new PrivilegedAction() {
public Object run() {

SecurityManager securityManager = System.getSecurityManager();
if (securityManager == null) {
securityManager = new SecurityManager();
}

securityManager.checkPermission(permission);
return null;
}
});
}
}

POLICY FILE
grant {
    permission java.security.SecurityPermission "getPolicy";
    permission java.security.SecurityPermission "setPolicy";
    permission java.security.SecurityPermission "setProperty.login.config.url.1";
    permission javax.security.auth.AuthPermission "createLoginContext.Sample";
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission javax.security.auth.AuthPermission "doAs";
    permission javax.security.auth.AuthPermission "getSubject";
};

grant principal spike.jaas.SimplePrincipal "name" {
    permission spike.jaas.SimplePermission "permission";
};

Reply to this Message

EdUarDo - 17 Mar 2004 15:46 GMT

> Has anyone granted special permission to a special principal in policy
> file?
> It doesn't work for me at J2SDK 1.4.2. When I use Subject.doAs the
> permission is denied,
> but if I use Subject.doAsPrivileged I ever get granted permission for
> anybody.

Well, this happen when the third parameter of doAsPriviledge (AccessControlContext) is
null, because API specification says:

'If the provided AccessControlContext is null, this method instantiates a new AccessControlContext with an empty
collection of ProtectionDomains.'

But if I put the current AccessControlContext, I receive a permission denied like when I use doAs.

Reply to this Message

EdUarDo - 17 Mar 2004 15:48 GMT

>> Has anyone granted special permission to a special principal in policy
>> file? It doesn't work for me at J2SDK 1.4.2. When I use Subject.doAs
[quoted text clipped - 11 lines]
> But if I put the current AccessControlContext, I receive a permission
> denied like when I use doAs.

Sorry, I forgot that anyway, I can't get that my Principal gets permission granted...

What's wrong? Where I can get documentation? At java.sun.com there is nothing about
this issue...

Reply to this Message

Principals ans permissions

Free Magazines