Home > Archive > Java Security > March 2004 > Integrating java security API with host OS
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Integrating java security API with host OS
|
|
| Boris Bralo 2004-03-19, 8:54 pm |
| Hi all
I'd like to check if some user can access some file.
This is code snippet (exception handling ommited):
public static void main(String[] args) {
Subject s = new Subject();
// AD is configured kerberos login context
LoginContext lc = new LoginContext("AD",s,new TextCallbackHandler());
lc.login();
File f = new File("C:\\bin");
System.out.println("I " + (f.canRead() ?"can":"can not" ) + "read" );
Subject.doAsPrivileged(s, new PrivilegedAction() {
public Object run() {
File f = new File("C:\\bin");
System.out.println("You " + f.canRead());
return null;
}
},null);
}
I managed to logon onto Active Directory OK, but both File.canRead() fails
when snippet is ran with java -Djava.security.manager and pass when ran
without -D....,
regardless of login success.
Any ideas?
---
Boris
| |
| Boris Bralo 2004-03-19, 8:54 pm |
| Hi all,
I've done some research since initial posting and discovered
that I'm on my own and I'll have to wrap native API.
I think that's shame, beacuse java security infrastructure has
very good and complete authentication. For authorization,
you're left with policy file.
Is there a JCP for this ?
I don't belive that this isn't scratching the itch since, during my
research, I've see all kinds of wierd solutions for this problem. For
example, BEA uses System.exec() to spawn little utility executable named
wlauth to check permission on host OS. I'm trying to build an app for very
high traffic site, and I'll be so fired if I suggest something like that
:-).
---
Boris
> Hi all
>
> I'd like to check if some user can access some file.
> This is code snippet (exception handling ommited):
> public static void main(String[] args) {
>
> Subject s = new Subject();
>
> // AD is configured kerberos login context
>
> LoginContext lc = new LoginContext("AD",s,new TextCallbackHandler());
>
> lc.login();
>
> File f = new File("C:\\bin");
>
> System.out.println("I " + (f.canRead() ?"can":"can not" ) +
"read" );
>
> Subject.doAsPrivileged(s, new PrivilegedAction() {
>
> public Object run() {
>
> File f = new File("C:\\bin");
>
> System.out.println("You " + f.canRead());
>
> return null;
>
> }
>
> },null);
>
> }
>
> I managed to logon onto Active Directory OK, but both File.canRead() fails
> when snippet is ran with java -Djava.security.manager and pass when ran
> without -D....,
> regardless of login success.
>
> Any ideas?
>
> ---
>
> Boris
>
>
|
|
|
|
|