开发者

Jaas needs a Java Policy I don't know how to provide it

开发者 https://www.devze.com 2023-02-17 12:11 出处:网络
I\'m trying to use Jaas, Java Authentication and Autorisation service. The server is App Engine so, it is impossible to edit web.xml.

I'm trying to use Jaas, Java Authentication and Autorisation service. The server is App Engine so, it is impossible to edit web.xml. I'm using a servlet filter like:

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) 
开发者_开发技巧    throws IOException, ServletException {
    try {
        LoginContext lc = new LoginContext("JaasSample", new AuthenticationCallbackHandler());
        lc.login();
        chain.doFilter(request, response);
        lc.logout();
    } catch (LoginException e) { /* lc.login() fails */}
}

The call to LoginContext checks a policy and throws the following exception:

java.security.AccessControlException: 
access denied (javax.security.auth.AuthPermission createLoginContext.JaasSample)

The code I'm using is from Oracle reference. They explain that in presence of a Security Manager, it is necessary to grant some rights in this fashion:

grant {
    permission javax.security.auth.AuthPermission "createLoginContext.JaasSample";
}

I just don't understand why this as to be made in a JAR.

I can bypass this check with -D--enable_all_permissions=true in the Run Configuration. (But this as to be resolved to go in prod) and then, Jaas configuration file is searched at System.getProperty("user.home")/.java.login.config. Don't it rather be in the projects resources? How this can works in local / in production?

The configuration file is like:

JaasSample {
    com.sun.security.auth.module.Krb5LoginModule required;
};

Thanks so much.

ps. Spring Security can be use with Jaas and works on App Engine. pps. Spring Security can not be used because it starts Spring context which slow down App Engine startup. And the startup in this environment is done all the time.


Use policytool from your $JAVA_HOME/bin directory to grant permission.


The problem solely exists in App Engine Dev Mode ; once delivered their is no such Exception.

So, using -D--enable_all_permissions=true in Run Configuration is enough.

0

精彩评论

暂无评论...
验证码 换一张
取 消