Question

I have made a rest application which is working fine on its own.

import javax.ws.rs.GET;
import javax.ws.rs.Path;

@Path("/helloworld")
public class HelloWorldResource 
{

    @GET
    public String getMessage() 
    {
        return "Hello World!";
    }
}

I want to invoke this from a client using JAAS. There are two Principals, namely UserPrincipal and SystemAdminPrincipal. I want to invoke the web service when the Principal is SystemAdminPrincipal. I am using URLPermission to grant permission and Apache HttpClient to execute the GET method. The policy file is:

grant Principal UserPrincipal "user"
{

}; 

grant Principal SysAdminPrincipal "sysadmin"
{
  permission java.net.URLPermission "http://localhost:8080/HelloWorldREST/helloworld","GET";

}; 

But I am encountering a Security Exception even for SystemAdminPrincipal. Probably the usage of URLPermission is faulty in my case. Could someone point out how to properly use URLPermission? Thanks in advance.


Solution

The policy file should grant socket permission prior to granting URLPermission. The policy file should be:

grant Principal SysAdminPrincipal "sysadmin"
{

   permission java.net.SocketPermission "127.0.0.1:8080","connect,resolve";
   permission java.net.URLPermission "http://localhost:8080/HelloWorldREST/helloworld","GET";
}; 

grant Principal UserPrincipal "user"
{

}; 
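
An added example, not part of the original question or answer: it checks the two grants from this page against the permission requested when code opens a socket to the service itself (as Apache HttpClient does) and against the URL-level request. The class name `PolicyGrantCheck` and its helper methods are hypothetical; no SecurityManager or policy file is needed to run it.

```java
import java.net.SocketPermission;
import java.net.URLPermission;
import java.security.Permission;
import java.security.Permissions;

public class PolicyGrantCheck {
    static final String SERVICE_URL =
            "http://localhost:8080/HelloWorldREST/helloworld";

    // Requested when code opens a TCP socket to the service directly.
    static final Permission SOCKET_REQUEST =
            new SocketPermission("127.0.0.1:8080", "connect");
    // Requested when the URL is fetched through the JDK's own HTTP client.
    static final Permission URL_REQUEST =
            new URLPermission(SERVICE_URL, "GET");

    // Grant from the question: URLPermission only.
    static Permissions questionGrant() {
        Permissions p = new Permissions();
        p.add(new URLPermission(SERVICE_URL, "GET"));
        return p;
    }

    // Grant from the answer: SocketPermission plus URLPermission.
    static Permissions answerGrant() {
        Permissions p = questionGrant();
        p.add(new SocketPermission("127.0.0.1:8080", "connect,resolve"));
        return p;
    }

    static void report(String name, Permissions granted) {
        System.out.printf("%-15s socket connect: %-5b URL GET: %b%n",
                name,
                granted.implies(SOCKET_REQUEST),
                granted.implies(URL_REQUEST));
    }

    public static void main(String[] args) {
        // The URLPermission-only grant does not imply the socket connect,
        // so a client that opens its own socket is still denied.
        report("question grant", questionGrant());
        report("answer grant", answerGrant());
    }
}
```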
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow