JAAS Poblem
hi i have some problem with the JAAS client that i have
import java.util.Iterator;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
publicclass JAASClient{
publicstaticvoid main(String [] args){
try{
loginAndDoSomething();
}
catch (Exception e){
e.printStackTrace();
}
}
publicstaticvoid loginAndDoSomething()throws Exception{
LoginContext ctx =new LoginContext("SimpleLogin",new SimpleCallbackHandler());
ctx.login();
Subject subj = ctx.getSubject();
System.out.println("Login assigned these principals: ");
Iterator it = subj.getPrincipals().iterator();
while (it.hasNext())
System.out.println("\t" + it.next());
System.out.println();
Subject.doAs(subj,new PrivilegedAction(){
public Object run(){
System.out.println("You live at " + System.getProperty("user.home"));
returnnull;
}
});
ctx.logout();
}
}
now the policy file for this is
grant Principal SimplePrincipal"test"{
//permission java.util.PropertyPermission "user.home", "read";
};
so as you see the permission for user.home is blocked but the line in the above client can access the code. i could not find how to actually access the properties of a principal or how it is actually accessed.
could someone plz suggest something
thanks
[2853 byte] By [
Austina] at [2007-11-26 18:59:05]
# 2
yes and the program runs with the following line
java -Djava.security.manager -Djava.security.auth.login.config=simple_jaas.config -Djava.security.policy=simpleacn.policy -Djava.security.auth.policy=simpleprin.policy JAASClient
Even though the permission is commented i can access the user.home of the principal
The principal is
import java.security.Principal;
public final class SimplePrincipal implements Principal {
private final String name;
public SimplePrincipal(String name) {
if (name == null) {
throw new IllegalArgumentException("Name cannot be null");
}
this.name = name;
}
public int hashCode() {
return name.hashCode();
}
public java.lang.String getName() {
return name;
}
public java.lang.String toString() {
return "SimplePrincipal: " + name + " " + System.getProperty("user.home");
}
public boolean equals(java.lang.Object obj) {
if (obj == null) return false;
if (!(obj instanceof SimplePrincipal))
return false;
SimplePrincipal other = (SimplePrincipal) obj;
System.out.println();
System.out.println("name " + name + " other " + other.getName());
System.out.println();
return name.equals(other.getName());
}
}
and is display in JAASClient using
Iterator it = subj.getPrincipals().iterator();
while (it.hasNext())
System.out.println("\t" + it.next());
# 5
> hi your right i removed the permission for the user.home and it gave an exception. thanks.
Thanks for what? I made no suggestions. You said in your original post that it didn't give an exception. What are you actually running here?
The principal is set for the SecurityManager when you execute code under control of this:
Subject.doAs(subj, new PrivilegedAction() {
You can access the properties of the Principal via the Principal API, or you can grant him selective permissions in the way you've shown above.
But once again I don't see what you're actually trying to do. What's interesting about whether a given Principal can access the current user's user.home?
ejpa at 2007-7-9 20:40:10 >
