
How to grant user permission in Policy?

I am able to connect to an LDAP server and authenticate a user. I am also using a policy file that looks like this:

grant codeBase "file:/C:/Codebase/-",
      principal java.security.Principal "john" {
    permission java.util.PropertyPermission "user.home", "read";
    permission java.util.PropertyPermission "java.home", "read";
    permission javax.security.auth.AuthPermission "createLoginContext.TestLdap";
};

If I remove the line principal java.security.Principal "john", it works fine. But when I specify the Principal, it stops working and throws an AccessControlException (even though I am logged in as "john"). I want to grant some users specific privileges, such as granting an administrator read and write access to files. Why does it not work?

I am trying not to use a certificate because I do not want the user to interact with anything.

I found that I was logging out in the Java code (forgot to remove that part of the test) before reading the personal info. Also, there is another mistake in the code above. It should have been like this:

grant codeBase "file:/C:/Codebase/-" {
    permission javax.security.auth.AuthPermission "doAsPrivileged";
    permission javax.security.auth.AuthPermission "createLoginContext.TestLdap";
};

grant codeBase "file:/C:/Deveop/Codebase2/-",
      principal com.sun.security.auth.UserPrincipal "john" {
    permission java.util.PropertyPermission "user.home", "read";
    permission java.util.PropertyPermission "java.home", "read";
};

Also, make sure you call Subject.doAsPrivileged(Subject subject, PrivilegedAction<Object> action, null) and implement PrivilegedAction as your action class.
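The following is an added, self-contained example (not code from the original post) that shows why the principal-qualified grant only takes effect inside Subject.doAsPrivileged: the same PrivilegedAction is run once with no Subject, once as "john", and once as a Subject named "alice" (a constructed name), and only the "john" run is allowed to read user.home. To keep it runnable offline it builds the Subject directly with com.sun.security.auth.UserPrincipal instead of taking it from LoginContext("TestLdap").getSubject() after login(), which is what the real LDAP flow would do. The class name PrincipalGrantDemo, the policy file name demo.policy and the codeBase path are placeholders; it assumes a JDK (8 to 17) that still supports running with a SecurityManager.

```java
/*
 * Assumed policy file "demo.policy" (placeholder codeBase; it must match the
 * directory PrincipalGrantDemo.class is loaded from). Run with:
 *   java -Djava.security.manager -Djava.security.policy=demo.policy PrincipalGrantDemo
 *
 *   grant codeBase "file:/PLACEHOLDER/classes/-" {
 *       permission javax.security.auth.AuthPermission "doAsPrivileged";
 *   };
 *
 *   grant codeBase "file:/PLACEHOLDER/classes/-",
 *         principal com.sun.security.auth.UserPrincipal "john" {
 *       permission java.util.PropertyPermission "user.home", "read";
 *   };
 */
import java.security.AccessControlException;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import com.sun.security.auth.UserPrincipal;

public class PrincipalGrantDemo {

    // The action class: this is the code whose codeBase the policy entry is matched against.
    static final class ReadHomeAction implements PrivilegedAction<String> {
        @Override
        public String run() {
            // Checked by the SecurityManager as PropertyPermission "user.home", "read".
            return System.getProperty("user.home");
        }
    }

    // Builds a read-only Subject carrying a single UserPrincipal (stand-in for the
    // Subject a successful LoginContext login would populate).
    static Subject subjectFor(String userName) {
        Set<Principal> principals = new HashSet<>();
        principals.add(new UserPrincipal(userName));
        return new Subject(true, principals, Collections.emptySet(), Collections.emptySet());
    }

    // Runs the action under the given Subject (or with no Subject when null) and
    // reports whether the policy allowed it.
    static String attempt(String label, Subject subject, PrivilegedAction<String> action) {
        try {
            String value = (subject == null)
                    ? action.run()                                   // plain call: no principals in the context
                    : Subject.doAsPrivileged(subject, action, null); // principals of `subject` attached
            return label + ": allowed, user.home=" + value;
        } catch (AccessControlException e) {
            return label + ": denied, missing " + e.getPermission();
        }
    }

    public static void main(String[] args) {
        if (System.getSecurityManager() == null) {
            System.err.println("No SecurityManager: start with -Djava.security.manager "
                    + "-Djava.security.policy=demo.policy");
            return;
        }
        PrivilegedAction<String> action = new ReadHomeAction();

        // 1) No Subject: only the codeBase-only grant applies, so the read is denied.
        System.out.println(attempt("no subject", null, action));

        // 2) As "john": codeBase and principal both match, so the read is allowed.
        System.out.println(attempt("john", subjectFor("john"), action));

        // 3) As a different principal (constructed name): no grant matches, denied.
        System.out.println(attempt("alice", subjectFor("alice"), action));
    }
}
```

Passing null as the third argument is what the answer recommends: doAsPrivileged then starts from an empty AccessControlContext and adds the Subject's principals to the protection domains of the action's own frames, which is why the action must live in a class from the granted codeBase and why a grant with a principal clause never matches code that runs outside doAs or doAsPrivileged (or after the Subject has been logged out).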
