From: Keyton Weissinger
To: tomcat-user@jakarta.apache.org
Subject: JAAS and Tomcat: Looking for Help
Date: Tue, 10 Apr 2001 04:11:26 -0700 (PDT)
Message-ID: <20010410111126.74396.qmail@web11901.mail.yahoo.com>

Greetings,

I am attempting to create a JAAS-based set of custom tags. In doing so I have a checkPermission tag that takes the class name for a PrivilegedAction which attempts to read a file, foo.txt. I want only certain authenticated users to be able to run my PrivilegedAction.

I have this 95% working, but the last 5% seems impossible. Please help.

I have the jaas.policy file set to give my action the appropriate permissions when the correct Principal is authenticated. I have tried setting the tomcat.policy file so that the tag (and all of tomcat) has the permission to read the file. BUT IT STILL DOESN'T WORK!

The only way I can make the thing work is to "grant" everything permission to read this file, but then I get the PrivilegedAction firing off regardless of my logged-in principal.

The stack trace indicates that something in the trace (left out for brevity) does not have java.io.FilePermission foo.txt read.

What am I doing wrong? How can I have this action fired ONLY when the proper Principal is authenticated?

Thank you in advance, ANYONE, who can shed some light on this.

Keyton Weissinger