
How to grant user permission in Policy?

I am able to connect to an LDAP server and authenticate a user. I am also using a policy file that looks like this:

grant codeBase "file:/C:/Codebase/-",
 principal java.security.Principal "john" {
  permission java.util.PropertyPermission "user.home", "read";
  permission java.util.PropertyPermission "java.home", "read";
  permission javax.security.auth.AuthPermission "createLoginContext.TestLdap";
};

If I remove the line principal java.security.Principal "john", it works fine. But when I specify the Principal, it stops working and throws an AccessControlException (even though I logged in as "john"). I want to grant some users specific privileges, such as granting an administrator read and write on files. Why doesn't it work?

I am trying not to use a certificate because I do not want the user to interact with anything.

I found that I was logging out in the Java code (I forgot to remove that part of the test) before reading the personal info. Also, there is another mistake in the code above. It should have been like this:

grant codeBase "file:/C:/Codebase/-" {
   permission javax.security.auth.AuthPermission "doAsPrivileged";
   permission javax.security.auth.AuthPermission "createLoginContext.TestLdap";
};

grant codeBase "file:/C:/Deveop/Codebase2/-", 
principal com.sun.security.auth.UserPrincipal "john" {
  permission java.util.PropertyPermission "user.home", "read";
  permission java.util.PropertyPermission "java.home", "read";

};

Also, make sure you call Subject.doAsPrivileged(Subject subject, PrivilegedAction<Object> action, null) and implement PrivilegedAction as your action class.
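
The call sequence described in the answer, as an added example that is not part of the original post: log in through the "TestLdap" context, print the Subject's principals so the policy entry can be matched against the concrete class and name, run the property read inside Subject.doAsPrivileged, and log out only afterwards. The class names PrincipalGrantDemo and ReadUserHome and the use of args[0]/args[1] for the credentials are assumptions made for the example.

```java
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;

// Deploy under the code base of the principal-based grant: with a null
// AccessControlContext, only this class's domain plus the Subject's
// principals are consulted for the property read.
class ReadUserHome implements PrivilegedAction<Object> {
    @Override
    public Object run() {
        return System.getProperty("user.home");
    }
}

// Deploy under the code base granted "doAsPrivileged" and
// "createLoginContext.TestLdap".
public class PrincipalGrantDemo {
    public static void main(String[] args) throws Exception {
        // Assumption: user name and password arrive as args[0] and args[1].
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(args[0]);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(args[1].toCharArray());
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
        LoginContext lc = new LoginContext("TestLdap", handler);
        lc.login();
        try {
            Subject subject = lc.getSubject();
            // The policy entry must name the concrete class and name shown here.
            for (Principal p : subject.getPrincipals()) {
                System.out.println(p.getClass().getName() + " \"" + p.getName() + "\"");
            }
            Object home = Subject.doAsPrivileged(subject, new ReadUserHome(), null);
            System.out.println("user.home = " + home);
        } finally {
            lc.logout(); // only after the privileged work is finished
        }
    }
}
```

The grants are only enforced when the JVM runs with a Security Manager and the policy file loaded, for example with -Djava.security.manager and -Djava.security.policy pointing at the policy file.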
