Hi all,
I'm trying to execute a Standalone Java Client Application that uses JAAS to authenticate (Client has to connect
to a remote Session Bean)
When I run the client:
java -Djava.security.manager
-Djava.security.policy=client.policy
-Djava.security.auth.login.config=auth.conf MyClientClass
I get the following exception:
Exception in thread "main" java.security.AccessControlException: access denied (
javax.security.auth.AuthPermission createLoginContext.other)
at java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:270)
at java.security.AccessController.checkPermission(AccessController.java:
401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at javax.security.auth.login.LoginContext.init(LoginContext.java:157)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:404)
at client.gui.ProvaUser.main(ProvaUser.java:27)
The strange thing is that I don't get the exception if I run the client in the
directory where client.policy and auth.conf files reside.
I thought that it was a CLASSPATH problem but even if I indicate in the
CLASSPATH the directory where the two files reside, the problem doesn't disappear.
Many thanks in advance
Moreno
-
Standalone Client and JAAS authentication (1 messages)
- Posted by: Moreno Mauri
- Posted on: April 29 2004 08:23 EDT
Threaded Messages (1)
- Standalone Client and JAAS authentication by Paul Strack on April 29 2004 10:18 EDT
-
Standalone Client and JAAS authentication[ Go to top ]
- Posted by: Paul Strack
- Posted on: April 29 2004 10:18 EDT
- in response to Moreno Mauri
The policy and auth.conf files are loaded using a file path, not the classpath. Therefore, the values you specify in the -Djava.security.policy and -Djava.security.auth.login.config must be the full or relative paths to these files, based on the startup directory of the application.
The reason for this is security: if these files were loaded via the classpath, it would be too easy to substitute a "fake" policy file for the real one.