harmony-dev mailing list archives

From "Leo Li" <liyilei1...@gmail.com>
Subject Re: [classlib][security] Does harmony's security/auth module have the function to treat with jaas policy?
Date Tue, 31 Jul 2007 07:36:20 GMT
On 7/31/07, Alexey Varlamov <alexey.v.varlamov@gmail.com> wrote:
>
> Hi Leo,
>
> 2007/7/31, Leo Li <liyilei1979@gmail.com>:
> > Hi, all
> >    In JAAS, there is an additional jaas policy which can be set by
> > "java.security.auth.policy" policy as well as normal java security policy.
> > But I found that org.harmony.security.fortress.DefaultPolicyParser will not
> > treat with the jaas policy.
>
> How did you come to such a conclusion and what did you mean exactly? The
> policy format is basically the same and DefaultPolicyParser is
> actually used by org.apache.harmony.auth.DefaultSubjectPolicy which is
> the default JAAS policy. But the policy itself indeed is used nowhere,
> AFAIK. Moreover, it is deprecated and its use is not documented in
> API specifications. Probably it was intended to affect
> Subject.doAs[Privileged]() behaviour, so you can attempt blackbox
> testing to shed some light into this dark matter ;)



   Hi, Alexey:

Excuse me if I am confusing you.:)

JAAS defines a policy file format for assigning permissions to authenticated
clients. The format looks very similar to the normal Java 2 policy file. In
fact, Java 2 SDK version 1.4 will support both formats from a single file.
For JAAS 1.0, the JAAS-specific sections are in a separate file that looks
like this:

// file conf/SimpleJAAS.policy
grant Principal SimplePrincipal "Jack" {
    permission java.util.PropertyPermission "user.home", "read";
};

And we can set the jaas policy as well as the normal policy file as

java -cp client;provider;d:\java\jaas1_0\lib\jaas.jar
-Djava.security.manager
-Djava.security.policy=conf/JAASProvider.policy
-Djava.security.auth.policy=conf/SimpleJAAS.policy
-Djava.security.auth.login.config=conf/simple.conf JAASClient

Furthermore, the normal policy file shall not contain the syntax of
Principal; if such a policy file as SimpleJAAS.policy is set as
java.security.policy, RI's parser will complain with

java.security.policy:parserfailure
file:/D:/workspaces/workspace/Test/conf/SimpleJAAS.policy
 expected [;],  but [end of file]

Actually our org.apache.harmony.security.fortress.DefaultPolicy will accept
the format of JAAS policy even if it is set as a normal policy.

So there are two ways to do it:

1. Add parsing for the policy file denoted by "java.security.auth.policy".

2. Discriminate normal policy file and JAAS policy file when parsing these
two types of policy files and accept "Principal" concept only in JAAS policy
file.

Have I missed something?:)

--
> Alexey
>
> >    Have I missed something or is the function put in other classes?
> >
> > Thanks.
> > --
> > Leo Li
> > China Software Development Lab, IBM
> >
>



-- 
Leo Li
China Software Development Lab, IBM
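
The second option from the message above (accept "Principal" only in the JAAS policy file), as an added example; it is not Harmony code and not part of the original message. PolicyKindCheck, Kind and grantPrincipals are hypothetical names, and treating a Principal clause in a normal policy file as a hard error is an assumption.

```java
import java.io.*;
import java.util.*;

public class PolicyKindCheck {
    enum Kind { NORMAL, JAAS }   // hypothetical: which system property named the file

    // Text of the current token: a word, a quoted string, or a single character such as '*'.
    static String text(StreamTokenizer st) {
        return st.sval != null ? st.sval : String.valueOf((char) st.ttype);
    }

    // Returns "class name" for each Principal clause in a grant header.
    // Assumption: a Principal clause in a NORMAL policy file is rejected outright.
    static List<String> grantPrincipals(String policy, Kind kind) throws IOException {
        StreamTokenizer st = new StreamTokenizer(new StringReader(policy));
        st.slashSlashComments(true);
        st.slashStarComments(true);
        st.wordChars('_', '_');
        List<String> found = new ArrayList<>();
        boolean inHeader = false;            // true between "grant" and "{"
        while (st.nextToken() != StreamTokenizer.TT_EOF) {
            if (st.ttype == StreamTokenizer.TT_WORD && st.sval.equalsIgnoreCase("grant")) {
                inHeader = true;
            } else if (st.ttype == '{') {
                inHeader = false;            // permission entries follow, not scanned here
            } else if (inHeader && st.ttype == StreamTokenizer.TT_WORD
                    && st.sval.equalsIgnoreCase("principal")) {
                if (kind == Kind.NORMAL) {
                    throw new IllegalArgumentException(
                        "line " + st.lineno() + ": Principal clause in a normal policy file");
                }
                st.nextToken();              // principal class name
                String cls = text(st);
                st.nextToken();              // quoted principal name
                found.add(cls + " " + text(st));
            }
        }
        return found;
    }

    public static void main(String[] args) throws IOException {
        // The grant entry quoted in the message above.
        String jaas = "grant Principal SimplePrincipal \"Jack\" {\n"
            + "  permission java.util.PropertyPermission \"user.home\", \"read\";\n};\n";
        System.out.println(grantPrincipals(jaas, Kind.JAAS));
        try { grantPrincipals(jaas, Kind.NORMAL); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```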
