I'm trying to execute a Standalone Java Client Application that uses JAAS to authenticate (Client has to connect
to a remote Session Bean)
When I run the client:
I get the following exception:
Exception in thread "main" java.security.AccessControlException: access denied (
The strange thing is that I don't get the exception if I run the client in the
directory where client.policy and auth.conf files reside.
I thought that it was a CLASSPATH problem but even if I indicate in the
CLASSPATH the directory where the two files reside, the problem doesn't disappear.
Many thanks in advance
The policy and auth.conf files are loaded using a file path, not the classpath. Therefore, the values you specify in the -Djava.security.policy and -Djava.security.auth.login.config must be the full or relative paths to these files, based on the startup directory of the application.
The reason for this is security: if these files were loaded via the classpath, it would be too easy to substitute a "fake" policy file for the real one.