Date: Fri, 25 May 2001 18:23:51 -0700Reply-to: java-security@sun.comsender: java-sender@sun.comfrom: charlie lai
Content-Type:
Text / plain; charset = US-ASCII
> We are trying to implement in jaas in one of our projects, the> clarifications we need are >> 1. Which are the web server's support jaas authentication.> 2.Which are the web server's support jaas authorisation> 3. Whether weblogic6. 0 supports jaas authorisationunfortunately, i'm not sure about the answers to the above questions.> 4. Is it necessary to have java.security.policy (java policy), with only> java.security.auth.policy (jaas policy) We can't make jaas authorisation >> is there any way to ketain the policy object Dynamically (We don't want to> Keep the policy object as a file java.security.poliy or> java.security.auth.policy) WE are able to create the policy object with> out a file by making changes in java.security file but we are not able to> add permissions to this file dynamically .the policy implementation does not have to reside in a file.you can implement your OWN Policy and Have The Contents Residein A Database or Server if You Choose. The Default IMPLEmentationSimply uses a file. you could set your policy by using thePolicy.setPolicy API.as for dynamic permissions, the next release of the JDK (1.4) will have better support for dynamic permissions. therefore if yourefresh the policy, the updates will affect not only newly loaded classes, but previously loaded classes as well.> Our understanding on jaas is whenever we call doAs method the object send> will make checking java.security.auth.policy (jaas policy) first and then it> will check with java. SECURITY.POLICY (Java Policy) and the IT Will Give> Result. this is not happening if we add permission directly to the policy>
