You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Etienne Deleflie <et...@proxima-tech.com> on 2003/06/25 04:28:29 UTC

tomcat 4.0 and jaas (without JASSRealm)

Hello,

I am getting a security exception when my servlet is loaded:

java.lang.ExceptionInInitializerError: java.lang.SecurityException: 
java.lang.ClassNotFoundException: javax.security.auth.SubjectDomainCombiner
	at javax.security.auth.Subject.(Subject.java:170)
	at  bla.bla.blaom.mycompmany.etc. UserManager.java:107)

I assume it is because I need to declare that I can trust jaas.jar. I am 
using jdk 1.3.... and tomcat 4.0.1

If I understand correctly, Tomcat makes the JDK's resident policy file 
defunct for its webapps, and replaces it with catalina.policy.

so in catalina.policy, I am trying to grant jaas.jar all permissions 
(for tests sake) with the following lines:

grant codeBase "file:${catalina.home}/webapps/myApp/lib/-" {
         permission java.security.AllPermission;
};

This does not work. I get the same error.

So I have created a jaas.policy file and a jaas.conf and I am referring 
them into the JVM by running Tomcat with the following options:

CATALINA_OPTS= -Djava.security.auth.policy==/bla/bla/bin/jaas.policy 
-Djava.security.auth.login.config=/bla/bla/config/jaas.conf

Should this do the trick ? or will the Tomcat sandbox environement 
ignore this ?

any suggestions ?

any help is appreciated

etienne


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org