Question

I'm trying to use JAAS, the Java Authentication and Authorization Service. The server is App Engine, so it is impossible to edit web.xml. I'm using a servlet filter like:

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) 
    throws IOException, ServletException {
    LoginContext lc;
    try {
        // "JaasSample" must match an entry in the JAAS login configuration file
        lc = new LoginContext("JaasSample", new AuthenticationCallbackHandler());
        lc.login();
    } catch (LoginException e) {
        // lc.login() failed: refuse the request instead of returning an empty response
        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    try {
        chain.doFilter(request, response);
    } finally {
        // always log out, even if the chain throws
        try { lc.logout(); } catch (LoginException e) { /* nothing left to do for this request */ }
    }
}

The call to LoginContext checks a policy and throws the following exception:

java.security.AccessControlException: 
access denied (javax.security.auth.AuthPermission createLoginContext.JaasSample)

The code I'm using is from the Oracle reference. They explain that in the presence of a Security Manager, it is necessary to grant some rights in this fashion:

grant {
    permission javax.security.auth.AuthPermission "createLoginContext.JaasSample";
}

I just don't understand why this has to be done in a JAR.

I can bypass this check with -D--enable_all_permissions=true in the Run Configuration (but this has to be resolved before going to prod), and then the JAAS configuration file is searched for at System.getProperty("user.home")/.java.login.config. Shouldn't it rather be in the project's resources? How can this work locally / in production?

The configuration file is like:

JaasSample {
    com.sun.security.auth.module.Krb5LoginModule required;
};

Thanks so much.

ps. Spring Security can be used with JAAS and works on App Engine. pps. Spring Security can not be used because it starts a Spring context, which slows down App Engine startup. And the startup in this environment is done all the time.
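One way to keep the login configuration inside the deployed webapp instead of relying on ~/.java.login.config, as an added example that is not part of the original question or of the Oracle sample it cites. It assumes a file named jaas.config (same syntax as the JaasSample block above) packaged on the classpath, e.g. under WEB-INF/classes, and reuses the poster's AuthenticationCallbackHandler by name; the class and method names are hypothetical.

```java
import java.net.URL;
import java.security.URIParameter;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/**
 * Builds a LoginContext from a JAAS login configuration shipped inside the webapp
 * (e.g. WEB-INF/classes/jaas.config), so nothing has to live in
 * ${user.home}/.java.login.config on the dev machine or in production.
 * Added example; resource and class names are assumptions, not from the original post.
 */
public final class ClasspathJaas {

    private ClasspathJaas() {}

    /** Parses the named classpath resource with the JDK's standard "JavaLoginConfig" Configuration type. */
    public static Configuration loadConfiguration(String resourceName) throws Exception {
        URL url = ClasspathJaas.class.getClassLoader().getResource(resourceName);
        if (url == null) {
            // Fail at startup rather than at the first login with a vague "No LoginModules configured".
            throw new IllegalStateException("JAAS login configuration not found on classpath: " + resourceName);
        }
        // Under a SecurityManager this call needs
        //   permission javax.security.auth.AuthPermission "createLoginConfiguration.JavaLoginConfig";
        return Configuration.getInstance("JavaLoginConfig", new URIParameter(url.toURI()));
    }

    /**
     * Creates the LoginContext with an explicit Configuration. This avoids the process-wide
     * Configuration.setConfiguration(...), which would additionally need AuthPermission
     * "setLoginConfiguration". The "createLoginContext.<entry>" permission from the question
     * is still required whenever a SecurityManager is active.
     */
    public static LoginContext newLoginContext(String entry, CallbackHandler handler, Configuration config)
            throws LoginException {
        return new LoginContext(entry, null, handler, config);
    }

    /*
     * Intended use inside the filter:
     *   Filter.init():   config = ClasspathJaas.loadConfiguration("jaas.config");   // once
     *   doFilter():      LoginContext lc = ClasspathJaas.newLoginContext(
     *                        "JaasSample", new AuthenticationCallbackHandler(), config);
     *                    lc.login(); ... chain.doFilter(...); ... lc.logout();
     */
}
```

Loading the configuration once in init() and passing it to each LoginContext is what replaces the default lookup chain (the java.security.auth.login.config system property, then ~/.java.login.config), so the same packaged file is used both locally and in production. The grant statements from the question still apply wherever a SecurityManager is enforcing them.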


Solution 2

The problem solely exists in App Engine Dev Mode; once deployed there is no such exception.

So, using -D--enable_all_permissions=true in Run Configuration is enough.

OTHER TIPS

Use policytool from your $JAVA_HOME/bin directory to grant permission.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow