Question

My "deny all" policy does not cause a SecurityException in an Eclipse RCP part, but it works properly in a plain Java class test: checkPermission throws SecurityException.

I'm using a custom policy with an implies method. It denies all subjects that have any principal. The check is done inside doAs in an RCP ViewPart.

ViewPart. Setting my policy, creating a subject with a principal, running doAs for that subject and checking the permission:

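import java.security.AccessController;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import org.eclipse.swt.widgets.Composite;
import org.eclipse.ui.part.ViewPart;

public class MyPart extends ViewPart {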
    public void createPartControl(Composite parent) {
        Policy.setPolicy(new MyPolicy());
        Subject subject = new Subject();
        subject.getPrincipals().add(new Principal() {
            public String getName() {
                return "MyPrincipal";
            }
        });
        Subject.doAs(subject, new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                try {
                    AccessController.checkPermission(new MyPerm("abc"));
                }
                catch(SecurityException e) {
                    e.printStackTrace();
                }
                return null;

            }
        });
    }
}

Policy. A policy that denies all actions for subjects with a principal:

import java.security.Permission;
import java.security.ProtectionDomain;

public class MyPolicy extends java.security.Policy {
    public boolean implies(ProtectionDomain domain, Permission permission) {
        if (domain.getPrincipals().length == 0) {
            //not inside of doAs
            return true;
        }

        System.out.println("deny all");
        return false;
    }
}

Simple permission for test:

import java.security.Permission;

public class MyPerm extends Permission {
    public MyPerm(String name) {
        super(name);
    }

    public boolean implies(Permission permission) {
        return false;
    }

    public boolean equals(Object o) {
        return false;
    }

    public int hashCode() {
        return 0;
    }

    public String getActions() {
        return null;
    }
}

Both in the plain Java class test and in Eclipse RCP, I can see the "deny all" string in the console. So, my policy is applied in both cases.


Solution

Did not succeed in making the JAAS Policy work properly in RCP. Ended up with a dirty hack workaround: throwing AccessControlException right from the place where Policy returns false.

Example:

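import java.security.AccessControlException;
import java.security.Permission;
import java.security.ProtectionDomain;

public class MyPolicy extends java.security.Policy {
    public boolean implies(ProtectionDomain domain, Permission permission) {
        ...
        System.out.println("deny all");
        // A "return false" after the throw is unreachable and does not compile, so it is omitted
        throw new AccessControlException("Access denied");
    }
}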
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow