Skip to main content

Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Remote Application Platform (RAP) » JAAS authorization problem in RAP application
JAAS authorization problem in RAP application [message #112342] Thu, 13 November 2008 16:45
Eclipse UserFriend
Originally posted by:


The goal is to try and use JAAS authorization in a RAP application (mainly
to authorize components that are not declaratively created e.g. Based on
role, TreeViewer should display only a part of the Tree to some users, the
entire Tree to others).

Towards this goal, initially JAAS authentication is used and a Subject
with a role Principal created. Thereafter, JAAS authorization is used when
the user clicks a menu item. In the execute() method of a class that
extends org.eclipse.core.commands.AbstractHandler:

Subject.doAsPrivileged(subject, new PrivilegedExceptionAction() {

public Object run() throws Exception {
SQLPermission perm = new SQLPermission("setLog");

IWorkbenchWindow window = MyUtils.getActiveWorkbenchWindow();
// business logic processing

return null;
}, null);

Following is the policy.jaas file where permissions are declared:
grant codeBase "file:C:/eclipse-workspace/blahblah/target/classes/"
principal RolePrincipal "superUser" {
Permission java.sql.SQLPermission "setLog";

The problem is that no matter what the user role, processing continues
without an AccessControlException being thrown. Debugging is not totally
helpful since most of the core java security classes have not been
compiled with debug tracing on. However, it is observed that a object appears in the only ProtectionDomain
object of AccessContext when
AccessController.checkPermission(SQLPermission) is called:

AccessController.checkPermission(perm) in turn calls:
AccessControlContext stack = getStackAccessControlContext();
AccessControlContext acc = stack.optimize();

In one of the last 2 methods, the following ProtectionDomain object
appears in the AccessControlContext:

[ProtectionDomain (file:/C:/eclipse-workspace/blahblah/target/classes/
<no signer certificates>)
(principals "normal") (
( <all permissions> <all actions>)


As seen above, the role is "normal". Only a role "superUser" should have
been granted access as per the policy file. i suspect this AllPermission
object is the reason why the security check is passing even when it should

Any indicators as to why and from where this AllPermission object is
appearing? Or is the problem somewhere else? Pointers to resolving the
above problem are much appreciated.

Best Regards,
Previous Topic:Misplaced drop down menu in a toolbar drop-down item when working with ActionCon
Next Topic:How to notify a view when the workbench is fully started
Goto Forum:

Current Time: Wed Feb 08 11:07:35 GMT 2023

Powered by FUDForum. Page generated in 0.01299 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top