You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomee.apache.org by gfolch <fo...@hp.com> on 2014/12/03 14:04:26 UTC

How can I enable JACC in TomEE

Hi, 

I'm developing my own JACC Provider and I want to use it in TomEE.
How can I setup TomEE to use it? 
Based on JACC specs I have to setup some system variables like:
-Djavax.security.jacc.policy.provider=com.example.jacc.YourPolicy 
-Djavax.security.jacc.PolicyConfigurationFactory.provider=com.example.jacc.YourPolicyConfigurationFactory

But it's not working in my case. What I'm missing?

Thanks in advance



--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-tp4673113.html
Sent from the TomEE Users mailing list archive at Nabble.com.

Re: How can I enable JACC in TomEE

Posted by Arjan Tijms <ar...@gmail.com>.

As of today, still only seems to work for EJB.

I used this JACC provider: https://github.com/arjantijms/cdi-jacc-provider
build it using mvn clean package and copied the jar to /lib in TomEE 7.0.1.

Added the following as VM parameters:

-Djavax.security.jacc.policy.provider=org.omnifaces.jaccprovider.jacc.policy.DefaultPolicy

-Djavax.security.jacc.PolicyConfigurationFactory.provider=org.omnifaces.jaccprovider.jacc.configuration.TestPolicyConfigurationFactory

Then deployed the web app from the following project:
https://github.com/arjantijms/custom-authorization

The JACC provider is subsequently called, but only for (build-in)
EJBMethodPermissions. No WebAnything permissions are being set and the JACC
code is not called when a Servlet resources is accessed. When I add a
(protected) EJB to the web app and call that from a Servlet, the JACC
provider IS called.

So JACC does work, but indeed only for EJB.





--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-tp4673113p4679746.html
Sent from the TomEE Users mailing list archive at Nabble.com.

Re: How can I enable JACC in TomEE

Posted by Romain Manni-Bucau <rm...@gmail.com>.

I guess we wire it for EJB but not the whole webapp. Can you try it in an EJB?


Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau


2014-12-03 15:04 GMT+01:00 gfolch <fo...@hp.com>:
> My Jacc provider jar is in tomee/lib
>
> Also I can see this log entry in Catalina log:
>
> Dec 03, 2014 2:59:43 PM org.apache.openejb.util.OptionsLog info
> INFO: Using
> 'javax.security.jacc.policy.provider=com.example.jacc.YourPolicy'
>
> So I guess TomEE is using my jacc provider.
> However when I do a request to my webApp test application,  trying to get
> the PolicyContext, it fails.
>
> This line:
> Subject s = (Subject)
> PolicyContext.getContext("javax.security.auth.Subject.container");
>
> is throwing an exception:
> java.lang.IllegalArgumentException: No handler can be found for the key
> 'javax.security.auth.Subject.container'
>
> What I'm missing?
>
>
>
> --
> View this message in context: http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-tp4673113p4673115.html
> Sent from the TomEE Users mailing list archive at Nabble.com.

Re: How can I enable JACC in TomEE

Posted by gfolch <fo...@hp.com>.

My Jacc provider jar is in tomee/lib 

Also I can see this log entry in Catalina log:

Dec 03, 2014 2:59:43 PM org.apache.openejb.util.OptionsLog info
INFO: Using
'javax.security.jacc.policy.provider=com.example.jacc.YourPolicy'

So I guess TomEE is using my jacc provider.
However when I do a request to my webApp test application,  trying to get
the PolicyContext, it fails.

This line: 
Subject s = (Subject)
PolicyContext.getContext("javax.security.auth.Subject.container");

is throwing an exception:
java.lang.IllegalArgumentException: No handler can be found for the key
'javax.security.auth.Subject.container'

What I'm missing?



--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-tp4673113p4673115.html
Sent from the TomEE Users mailing list archive at Nabble.com.

Re: How can I enable JACC in TomEE

Posted by Romain Manni-Bucau <rm...@gmail.com>.

Hi

javax.security.jacc.policy.provider and
javax.security.jacc.PolicyConfigurationFactory.provider are used but
with container loader (ie did you put your jar in tomee/lib?)

If you want to debug it is here
org.apache.openejb.core.security.AbstractSecurityService#installJacc


Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau


2014-12-03 14:04 GMT+01:00 gfolch <fo...@hp.com>:
> Hi,
>
> I'm developing my own JACC Provider and I want to use it in TomEE.
> How can I setup TomEE to use it?
> Based on JACC specs I have to setup some system variables like:
> -Djavax.security.jacc.policy.provider=com.example.jacc.YourPolicy
> -Djavax.security.jacc.PolicyConfigurationFactory.provider=com.example.jacc.YourPolicyConfigurationFactory
>
> But it's not working in my case. What I'm missing?
>
> Thanks in advance
>
>
>
> --
> View this message in context: http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-tp4673113.html
> Sent from the TomEE Users mailing list archive at Nabble.com.