
Method Permissions


Harish Murthy

Jan 18, 2002, 9:44:28 AM
Hi,

I'm planning to have a setup
where only certain principals have access to execute
PrivilegedActions through Subject.doAs(..)

Could you pls tell me whether the below approach is the best one or not.

My policy file would look like.

grant Principal sample.MyPrincipal "joeuser"
{
    permission sample.MyMethodPermission "sample.myPrivligedAction.run()";
};


where sample.MyMethodPermission extends BasicPermission
and I want ONLY "joeuser" to be able to execute sample.myPrivligedAction.

What should I be taking into account when I write the sample.MyMethodPermission?
Can I associate a permission object to a method as shown
in sample.myPrivligedAction.run()?

An example of a Method level permission would be great.

Thanks
Harish

Ben Cox

Jan 19, 2002, 10:16:43 AM

"Harish Murthy" <goo...@sjce.net> wrote:
> where sample.MyMethodPermission extends BasicPermission
> and I want ONLY "joeuser" to be able to execute sample.myPrivligedAction.
>
> what should I be taking into account when I write the sample.MyMethodPermission ?
> Can i associate a permission object to a method as shown
> in sample.myPrivligedAction.run() ?
>
> An example of a Method level permission would be great.

If this is all you really want to do, you don't need to do much.

in MyMethodPermission:

    public MyMethodPermission() { super("MyMethodPermission"); }

    public boolean implies(Permission perm) {
        return (perm instanceof MyMethodPermission);
    }

and in myPrivilegedAction.run():

    ...
    java.security.AccessController.checkPermission(new MyMethodPermission());
    ...

and you're off to the races. The above checkPermission() call will throw a
java.security.AccessControlException (which extends
java.lang.SecurityException) if the current access control context's set of
protection domains don't include a MyMethodPermission.

-- Ben

Harish Murthy

Jan 19, 2002, 6:59:04 PM
Ben,

I did as instructed, but I have not been able to get it running.
Below is the code and the policy file.
All the code is in the package 'samples'.

MyMethodPermission.java
package samples;

import java.security.BasicPermission;
import java.security.Permission;

public class MyMethodPermission extends BasicPermission {

    public MyMethodPermission() { super("MyMethodPermission"); }

    public boolean implies(Permission perm) {
        return (perm instanceof MyMethodPermission);
    }
}


sample_java2.policy
/** Java 2 Access Control Policy for the JAAS Sample Application **/
grant codebase "file:/C:/jaas/jaas1_0/doc/samples/sample.jar" {
    permission java.security.AllPermission;
    permission samples.MyMethodPermission ;
}


sample_jaas.policy
/** Subject-Based Access Control Policy for the JAAS Sample Application **/
grant Principal samples.SamplePrincipal "testUser" {
    permission samples.MyMethodPermission ;
};

Sample.java
main()
{
    ... // lcontext has the principal "testUser"
    Subject.doAs(lcontext.getSubject(), new SampleAction());
    ..
}


SampleAction.java
public Object run() {
    // Throws AccessControlException if the permission is not granted
    java.security.AccessController.checkPermission(new MyMethodPermission());
    return null;
}


On execution, I get
-------------------------------------------------------------------------------
Exception in thread "main" java.security.AccessControlException: access denied
samples.MyMethodPermission MyMethodPermission)
at java.security.AccessControlContext.checkPermission(AccessControlCon
xt.java:272)
at java.security.AccessController.checkPermission(AccessController.jav
399)
at samples.SampleAction.run(SampleAction.java:38)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:378)
at samples.Sample.main(Sample.java:105)
-------------------------------------------------------------------------------


Could you kindly advise as to what the problem is?
Thanks
Harish


"Ben Cox" <c...@summa-tech.com> wrote in message news:<v5g28.3680$At4....@nwrddc02.gnilink.net>...

Harish Murthy

Jan 21, 2002, 8:25:52 AM
Ben ,

Fixed the problem...
All I had to do was change the entries from
    permission samples.MyMethodPermission ;
to
    permission samples.MyMethodPermission MyMethodPermission ;
in both the policy files.
Thanks
Harish

goo...@sjce.net (Harish Murthy) wrote in message news:<1c5da14f.02011...@posting.google.com>...
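
Added example, not code from the thread: a name-based variant of the permission discussed above, with one target name per guarded method as the original question asked for, relying on the name matching that BasicPermission already provides instead of an overridden implies(). The class name `MethodPermission`, the principal and target names, and the in-memory grants map (a stand-in for the `grant Principal` policy blocks, so the demo runs without a policy file or security manager) are assumptions.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.HashMap;
import java.util.Map;

public class MethodPermissionDemo {
    // Stand-in for the "grant Principal ..." blocks of a policy file (constructed data).
    private static final Map<String, Permissions> GRANTS = new HashMap<>();

    static void grant(String principal, Permission p) {
        GRANTS.computeIfAbsent(principal, k -> new Permissions()).add(p);
    }

    // Same question the checkPermission() call inside run() asks:
    // do the permissions held by this principal imply the required one?
    static boolean allowed(String principal, String method) {
        Permissions held = GRANTS.get(principal);
        return held != null && held.implies(new MethodPermission(method));
    }

    public static void main(String[] args) {
        grant("testUser", new MethodPermission("samples.SampleAction.run"));
        grant("admin", new MethodPermission("samples.*")); // wildcard grant

        String[][] cases = {
            {"testUser", "samples.SampleAction.run"},
            {"testUser", "samples.OtherAction.run"},
            {"admin", "samples.OtherAction.run"},
            {"guest", "samples.SampleAction.run"},
        };
        for (String[] c : cases) {
            System.out.printf("%-8s %-26s %s%n", c[0], c[1],
                    allowed(c[0], c[1]) ? "allowed" : "denied");
        }
    }
}

// Hypothetical permission class; make it public in its own file to name it in a policy.
final class MethodPermission extends BasicPermission {
    private static final long serialVersionUID = 1L;

    // A policy entry that carries a quoted target name, such as
    //   permission samples.MethodPermission "samples.SampleAction.run";
    // is instantiated through a constructor taking that name.
    public MethodPermission(String name) { super(name); }
    public MethodPermission(String name, String actions) { super(name, actions); }
    // implies() is inherited: exact name match, or a trailing ".*" / "*" wildcard.
}
```

Inside the guarded method the matching check would be `AccessController.checkPermission(new MethodPermission("samples.SampleAction.run"))`, so each method can require its own target name.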
