The JAAS User-Specific Code

15.3.2.2 Writing standard policy files

The setup code for JAAS must have certain permissions. Code that creates a login context and calls the doAs and doAsPrivileged methods must have at least these permissions:

    permission javax.security.auth.AuthPermission "createLoginContext";
    permission javax.security.auth.AuthPermission "doAs";
    permission javax.security.auth.AuthPermission "doAsPrivileged";

Of course, this code will need other permissions based on what else it does, as well as all the permissions listed in the JAAS policy file. For simplicity, we generally grant the setup code all permissions.

The code that implements the actual login module must have at least this permission:

    permission javax.security.auth.AuthPermission "modifyPrincipals";

However, different login modules will need different permissions based on what they do. The JNDI login module, for example, needs to be able to open sockets to whatever naming service it is using. Various providers for the JNDI login module need other permissions; for example, the NIS provider needs all permissions; if they aren't granted, it silently fails. If the login modules and other extensions are installed as standard extensions, this isn't an issue, as they are given all permissions by the default Java policy files.
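A preflight check for the permissions listed above, added here as an example (not code from the book): it asks each class's protection domain whether the policy in effect grants the required AuthPermission targets, so a missing grant is reported before a login fails. The class name JaasPermissionCheck and its three command-line arguments are assumptions, and it assumes a JDK whose Policy still reads policy files (releases before JDK 24).

```java
import java.security.CodeSource;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.AuthPermission;

// Added example, not from the book. JaasPermissionCheck is a hypothetical helper.
// Run it without -Djava.security.manager but with -Djava.security.policy=<file>:
//   java -Djava.security.policy=policy JaasPermissionCheck <setupClass> <loginModuleClass> <configEntry>
public class JaasPermissionCheck {

    // Loads a class without running its static initializers.
    static Class<?> load(String name) throws ClassNotFoundException {
        return Class.forName(name, false, JaasPermissionCheck.class.getClassLoader());
    }

    // Returns the AuthPermission targets that the policy does not grant to cls.
    static List<String> missing(Class<?> cls, String... targets) {
        ProtectionDomain pd = cls.getProtectionDomain();
        CodeSource cs = pd.getCodeSource();
        // The location printed here is what a "grant codebase" entry has to match:
        // the classpath root, without the package directories.
        System.out.println(cls.getName() + " loaded from "
                + (cs == null ? "<bootstrap>" : String.valueOf(cs.getLocation())));
        List<String> absent = new ArrayList<>();
        for (String target : targets) {
            // implies() consults the installed Policy for this class's code source.
            if (!pd.implies(new AuthPermission(target))) {
                absent.add(target);
            }
        }
        return absent;
    }

    public static void main(String[] args) throws ClassNotFoundException {
        if (args.length != 3) {
            System.err.println("usage: JaasPermissionCheck <setupClass> <loginModuleClass> <configEntry>");
            System.exit(2);
        }
        // Since JDK 1.4, LoginContext checks "createLoginContext.<entry name>"; a grant of
        // plain "createLoginContext" is treated as "createLoginContext.*" and covers it.
        List<String> setup = missing(load(args[0]),
                "createLoginContext." + args[2], "doAs", "doAsPrivileged");
        List<String> module = missing(load(args[1]), "modifyPrincipals");
        System.out.println("setup code is missing:   " + setup);
        System.out.println("login module is missing: " + module);
        System.exit(setup.isEmpty() && module.isEmpty() ? 0 : 1);
    }
}
```

An empty list for both classes means the standard policy file grants the minimum the text requires; it says nothing about the additional permissions a particular login module needs for its own work.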

15.3.3 Running the Example

Now we'll go through the steps required to run the simple code example shown earlier. We assume for this example that you've downloaded the online code examples into the directory /files (C:\files) and that your current working directory is /files/javasec/samples/ch15. If you downloaded the code into a different directory, you'll need to change some of the pathnames in the example. In case you're typing in the code and configuration files yourself, we'll point out the location where each one needs to go.

Here are the steps required to run the example:

1. Partition the code into setup and action code. In our case, the setup code is the CountFiles class and the action code is the CountFilesAction class. The CountFiles.java file should be located in the current directory and the CountFilesAction.java file should be located in the directory ./actions/javasec/samples/ch15. This type of partitioning will allow us to create separate policy files for the setup code and the action code.

2. Compile the sample code. Since we've segregated the code, we must set the classpath when we compile it. On Solaris, we execute this command:

       piccolo% javac -classpath ../../..:actions CountFiles.java

   On Microsoft Windows, the command looks like this:

       C:\files> javac -classpath ..\..\..;actions CountFiles.java

   Note that this command compiles both source files since the CountFiles class references the CountFilesAction class; that's why we specified both directories in the classpath.

3. Create the login configuration file. This entails determining which login module you want to use. In the sample code online, we provide a configuration file that uses a simple login module named SimpleLoginModule that we write later in this chapter. The configuration file looks like this:

       CountFiles {
           javasec.samples.ch15.SimpleLoginModule required;
       };

   You can use any other login modules as long as they do not require a callback mechanism to obtain information from the user; our sample program doesn't implement that yet. The Solaris and NT login modules are good candidates to use since they don't require callbacks; we chose to use the SimpleLoginModule for this example because it works on all platforms, including Microsoft Windows 95/98. The name and location of this file are arbitrary; in subsequent steps we assume that the file is called login.conf and is located in the current directory. If you're using the simple login module, you'll need to compile it and its associated files:

       piccolo% javac -classpath ../../.. Simple.java

4. Create the JAAS policy file. In the sample code online, policy.jaas is such a file. It looks like this:

       grant codebase "file:/files/javasec/samples/ch15/actions/"
           Principal javasec.samples.ch15.SimplePrincipal "defaultUser" {
           permission java.io.FilePermission "${/}files", "read";
       };

   If you downloaded the code into a directory other than /files, you need to change the codebase in this file. The name and location of this file are arbitrary; in subsequent steps we assume that the file is called policy.jaas and is located in the current directory. This file allows the user with the ID defaultUser running classes loaded from the /files/javasec/samples/ch15/actions codebase to read the /files directory.

5. Create the standard policy file. In the sample code online, policy is such a file. It looks like this:

       grant codebase "file:/files/" {
           permission java.security.AllPermission;
       };

   As with all policy files, its name and location are arbitrary. This file causes classes loaded from the /files codebase to be given permission to perform any operations. Remember that the codebase doesn't include the package name, so the class file /files/javasec/samples/ch15/CountFiles.class in the package javasec.samples.ch15 will be given this permission.

6. To run the program, you must specify the following arguments:

   ♦ An appropriate classpath like the one we used to compile
   ♦ -Djava.security.manager to enable access checking
   ♦ -Djava.security.policy to point to the standard policy file
   ♦ -Djava.security.auth.policy to point to the JAAS policy file
   ♦ -Djava.security.auth.login.config to point to the login configuration file

   For our example, that gives us this command line on Microsoft Windows systems:

       C:\files\javasec\samples\ch15> java -classpath ..\..\..;actions \