users@glassfish.java.net

Re: JACC Provider can't check security for itself

From: <glassfish_at_javadesktop.org>
Date: Thu, 15 May 2008 11:59:20 PDT

> Does this have to be done the first time one of my
> Policy implementations is instantiated or can I just
> put it in the static block for the class?

I would expect your Policy impl to only be instantiated once;
just before the jre calls setPolicy (if you configure it via
java security properties file), or if you configure it via
the javax.security.jacc.policy.provider system property,
just before the container calls setPolicy with an instance
of your provider. In the latter case, your provider can use getPolicy()
during its construction, to obtain the default policy impl of the native jre.

> As you might have expected, it doesn't work under
> WebSphere. It starts up, and I can access the
> console, but I get 403 on all my applications.

not sure what does not work. do you mean you get a classNotFound exception
when your provider attempts to create an instance of PolicyFile? If so, then try the delgating appraoch described above an in section 2.7 of the spec.

Ron
[Message sent by forum member 'monzillo' (monzillo)]

http://forums.java.net/jive/thread.jspa?messageID=274658