Working with "codebases" in the security policy during development in Eclipse
I am working with Java security policies and it's still rather new for me. I will like to be able to run the code directly as a launch configuration, so I have a debugger and all the other nice IDE stuff.
I can get it to work until I use the codebase attribute in the policy.
I have a class in the package application that creates a LoginContext. The policy file is located in the root of my project. With this content it works fine:
grant {
permission javax.security.auth.AuthPermission "createLoginContext.Sample";
permission javax.security.auth.AuthPermission "doAsPrivileged";
};
But when I add the codebase it fails with Cannot create LoginContext. access denied ("javax.security.auth.AuthPermission" "createLoginContext.Sample")
grant codebase "file:./bin/application/-" {
permission javax.security.auth.AuthPermission "createLoginContext.Sample";
permission javax.security.auth.AuthPermission "doAsPrivileged";
};
I have tried these values for codebase
- file:application/-
- file:./application/-
- file:bin/application/-
- file:./bin/application/-
- file:C:/Full Path/to/project/bin/application/-
- file://C:/Full Path/to/project/bin/application/-
(In case it matters: The full path includes spaces)
I managed to find the problem using JAAS's debug output, which I can really recommend.
In short the codebase is always the binary root folder (or jar) not the package folder containing the class file. In my case it meant that the codebase of all classes was path/to/project/bin which didn't match path/to/project/bin/application/- specified in the policy.
To solve this one needs to have multiple bin-folders or "output folder" as Eclipse name them. To get this:
- Go into
Project Properties > Java Build Pathand select theSourcetab - Activate
Allow output folders for source folders - Add as many source folders you like, by clicking
Add Folder - For each source folder, specify the output folder by first selecting the output folder item and then click edit.
After this you can have the policy point to each folder like this
grant codebase "file:binLogin/-" {
permission javax.security.auth.AuthPermission "modifyPrincipals";
};
grant codebase "file:binApp/-" {
permission javax.security.auth.AuthPermission "createLoginContext.Sample";
permission javax.security.auth.AuthPermission "doAsPrivileged";
};
I hope this might help others in the future.
- Keep numbers which appear in both columns, in J lang
- Differentiation in J
- How to reshape an array with an arbitrary size in one dimension?
- Why is Insert (fold) right associative
- Write 4 : 'x&{.&.;: y' tacitly
- Alignment issue when printing formatted prime numbers in J language
- How can I define a verb in J that applies a different verb alternately to each atom in a list?
- How to get user input in the J programming language
- How to unbox a list of boxed lists of differing lengths in J?
- How can I fix 'noun result was required' error in J?
- In j, how can I define a verb locally in one scope and pass it to a defined adverb?
- Convert boxed array to normal array?
- Read column of CSV file as array
- Replace atom in array of strings
- What does the dyad `=` do to boxed strings?
- Index of minimum element using J
- How can I take the outer product of string vectors in J?
- Building an array of verbs in J
- Reading in multidigit command line parameter
- Amend with bond to new data shows unexpected behaviour
- How to turn a table or matrix into a (flat) list in J
- How to run dissect in J?
- How to define selection using index function in J
- How to exit the J console?
- Find 4-neighbors using J
- Writing custom verbs in J
- How do I negate a selector in J lang?
- How to use arbitrary selector in interchange in J lang?
- different result once square root is added inside tacit
- Sum of arrays with repeated indices