Blog do projektu Open Source JavaHotel

sobota, 19 maja 2012

JSPWiki in the Cloud, JAAS security

I spent some time enabling JAAS security implemented in JSPWiki. After removing some bugs in the JSPWiki I was successful in the development mode (with options like: "Log in", "Preferences", "Adding new user", "Adding group" etc.). But after deploying to Google App Engine it failed with message like:
2012-05-18 23:41:43.072
org.apache.log4j.Logger error: Failed to start managers.
java.security.AccessControlException: access denied (javax.security.auth.AuthPermission modifyPrincipals)
 at java.security.AccessControlContext.checkPermission(AccessControlContext.java:355)
 at java.security.AccessController.checkPermission(AccessController.java:567)
 at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
 at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:56)
 at javax.security.auth.Subject$SecureSet.add(Subject.java:1076)
 at java.util.Collections$SynchronizedCollection.add(Collections.java:1634)
 at org.apache.wiki.WikiSession.invalidate(WikiSession.java:615)
 at org.apache.wiki.WikiSession.guestSession(WikiSession.java:775)
 at org.apache.wiki.WikiSession.staticGuestSession(WikiSession.java:805)
 at org.apache.wiki.WikiSession.getWikiSession(WikiSession.java:744)


I also realized the in the development mode I added the following parameter to "Run" configuration : -D--enable_all_permissions=true just turning the security off. But of course it is out of my control in the production mode.
It seems that although javax.security.auth is listed on the Google App Engine list of supported packages it does not work and there is no way to overcome it.
So after spending some time I'm again at the very beginning with JSPWiki security. I see two options available : create security mechanism on my own or reuse some existing security framework (like Spring security).

Brak komentarzy:

Publikowanie komentarza