Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 61664 invoked from network); 22 Feb 2005 01:31:45 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 22 Feb 2005 01:31:45 -0000 Received: (qmail 92743 invoked by uid 500); 22 Feb 2005 01:31:33 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 92694 invoked by uid 500); 22 Feb 2005 01:31:33 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 92679 invoked by uid 99); 22 Feb 2005 01:31:33 -0000 X-ASF-Spam-Status: No, hits=0.2 required=10.0 tests=FORGED_RCVD_HELO,NO_REAL_NAME X-Spam-Check-By: apache.org Received-SPF: neutral (hermes.apache.org: local policy) Received: from mail.tsainc.com (HELO lng002.tsacorp.com) (206.201.23.30) by apache.org (qpsmtpd/0.28) with ESMTP; Mon, 21 Feb 2005 17:31:32 -0800 In-Reply-To: <92097888.1109027031632.JavaMail.jira@ajax.apache.org> To: dev@geronimo.apache.org Subject: Re: [jira] Commented: (GERONIMO-586) Exceptions at startup if Geronimo started under security manager MIME-Version: 1.0 X-Mailer: Lotus Notes Release 6.5.2 June 01, 2004 From: sissonj@insession.com Message-ID: Date: Tue, 22 Feb 2005 11:31:25 +1000 X-MIMETrack: Serialize by Router on lng002/SVR/TSA(Release 6.5.2|June 01, 2004) at 02/21/2005 19:31:40, Serialize complete at 02/21/2005 19:31:40 Content-Type: text/plain; charset="US-ASCII" X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N "John Sisson (JIRA)" wrote on 22/02/2005 10:03:51 AM: > [ http://issues.apache.org/jira/browse/GERONIMO-586?page=comments#action_59546 ] > > John Sisson commented on GERONIMO-586: > -------------------------------------- > > The GeronimoPolicy class has two constructors, one of them has a > parameter root, or type Policy, but this is not used by SecurityServiceImpl. > > If SecurityServiceImpl is changed to pass the default system policy > on the GeronimoPolicy constructor, Geronimo initialisation under a > security manager gets a lot further, until it hits another problem > with the GeronimoPolicy.getPermissions(..) method, which I will > document in another comment. > My workaround was to just pass Policy.getPolicy() as the 2nd parameter on the constructor, but I don't think that is a proper solution if the security service can be stopped and restarted and also does not comply with the JACC spec, Section 2.7 - What the application server should do, 2nd last paragraph, regarding setPolicy() only should be called once. Thoughts? John > I am assuming that the GeronimoPolicy implementation should be > behaving as a "delegating Policy provider" as described in Section > 2.5 of the JACC spec. If this is the case, it should be documented > on the Wiki / installation instructions (also see last paragraph of > section 2.5). >