Getting Principal based grants to work

Ravi S

Sep 25, 2005, 10:39:25 PM
Hi,

I'm having problems trying to get the Principal based grant section in
the default policy file implementation to work, but I'm having no luck.
Looks like I'm missing something really basic. Any help would be
greatly appreciated.
This is what I'm doing -

1. Created a custom Principal implementation, called
jaastest.RolePrincipal
2. Created a new policy file, "jaastest.policy". Added the following
sections -

grant codeBase "file:/D:\-"{
    permission javax.security.auth.AuthPermission "*";
    permission java.security.SecurityPermission "*";
};

grant Principal jaastest.RolePrincipal "testrole"{
    permission java.io.FilePermission "C:\test.txt" ,"read";
};

3. Created a Subject, added a RolePrincipal instance with role name as
"testrole" to it

4. Added the following authorization check -
Subject.doAsPrivileged(subject, new PrivilegedExceptionAction() {
    public Object run() {
        File ff = new File("C:\\test.txt");
        ff.canRead();
        return null;
    }
}, null);

5. Ran the above code with the new policy file (using the
-Djava.security.policy option)

6. I end up with this -
Exception in thread "main" java.security.AccessControlException: access denied (java.io.FilePermission C:\test.txt read)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkRead(Unknown Source)
    at java.io.File.canRead(Unknown Source)
    at il.siqee.security.runtime.SecurityTestMain$1.run(SecurityTestMain.jav
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Unknown Source)
    at il.siqee.security.runtime.SecurityTestMain.main(SecurityTestMain.java

It looks like permissions relating to the custom principal are not
being considered? Am I missing something here?

Regards,
Ravi
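
A check for the policy file in the post above, as an added example that is not part of the original post: it prints each permission target as it reads after escape processing in a quoted policy string, next to the path requested in step 4. It assumes the default policy parser treats quoted strings the way java.io.StreamTokenizer does (`\t` becomes a tab, `\\` a single backslash); the class and method names are hypothetical.

```java
import java.io.IOException;
import java.io.StreamTokenizer;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;

public class PolicyStringCheck {

    // Assumption: quoted policy strings follow java.io.StreamTokenizer escape
    // rules. Returns the target name that follows each *Permission class name.
    static List<String> permissionTargets(String policyText) throws IOException {
        StreamTokenizer st = new StreamTokenizer(new StringReader(policyText));
        st.resetSyntax();
        st.wordChars('a', 'z');
        st.wordChars('A', 'Z');
        st.wordChars('0', '9');
        st.wordChars('.', '.');
        st.whitespaceChars(0, ' ');
        st.quoteChar('"');
        List<String> targets = new ArrayList<>();
        boolean afterPermissionClass = false;
        while (st.nextToken() != StreamTokenizer.TT_EOF) {
            if (st.ttype == '"' && afterPermissionClass) targets.add(st.sval);
            afterPermissionClass = st.ttype == StreamTokenizer.TT_WORD
                    && st.sval.endsWith("Permission");
        }
        return targets;
    }

    // Show control characters explicitly, e.g. a tab as <0x09>.
    static String visible(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            sb.append(c < ' ' ? String.format("<0x%02X>", (int) c) : String.valueOf(c));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: the FilePermission entry as written in the post,
        // then the same entry with the backslash doubled.
        String policy = "permission java.io.FilePermission \"C:\\test.txt\" ,\"read\";\n"
                + "permission java.io.FilePermission \"C:\\\\test.txt\", \"read\";\n";
        String requested = "C:\\test.txt"; // path passed to new File(...) in step 4
        for (String target : permissionTargets(policy)) {
            System.out.println(visible(target)
                    + (target.equals(requested) ? "  == " : "  != ") + visible(requested));
        }
    }
}
```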
