Policy files are the main mechanism for controlling access to system resources, including sensitive code. The policy file in this example is named jaas.policy and is specified on the Java command line by the property -Djava.security.policy==jaas.policy. The double equals sign (==) makes jaas.policy replace the system policy file, rather than adding its permissions to those of the system policy file. Here's the jaas.policy file we're working with in this tutorial:
grant {
    permission javax.security.auth.AuthPermission "createLoginContext";
    permission javax.security.auth.AuthPermission "doAs";
    permission javax.security.auth.AuthPermission "doAsPrivileged";
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission javax.security.auth.AuthPermission "getSubject";
};

grant principal PrincipalImpl "Brad" {
    permission PersonnelPermission "access";
};
The system must have certain permissions -- that is, the first five in the example -- in order to bootstrap the JAAS mechanism. With those in place, the principal known as "Brad" is granted access to the PersonnelPermission user-defined permission.
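
How the two grant blocks play out at run time, as an added example that is not the tutorial's own code: assumed minimal versions of PersonnelPermission and PrincipalImpl plus a hypothetical PolicyDemo driver, shown as three source files in one block. It assumes a JDK that still supports the Security Manager (deprecated for removal in Java 17, disabled in JDK 24), a hand-built Subject standing in for a real login, and a launch with -Djava.security.manager -Djava.security.policy==jaas.policy.

```java
// --- PersonnelPermission.java (assumed minimal form of the class the policy names) ---
import java.security.BasicPermission;

public final class PersonnelPermission extends BasicPermission {
    // The policy implementation builds the granted permission reflectively
    // through this public one-String constructor, passing the name "access".
    public PersonnelPermission(String name) { super(name); }
}

// --- PrincipalImpl.java (assumed minimal form) ---
import java.security.Principal;

public final class PrincipalImpl implements Principal {
    private final String name;
    public PrincipalImpl(String name) { this.name = name; }
    @Override public String getName() { return name; }
    // equals/hashCode let the policy match this principal against the Subject's set.
    @Override public boolean equals(Object o) {
        return o instanceof PrincipalImpl && ((PrincipalImpl) o).name.equals(name);
    }
    @Override public int hashCode() { return name.hashCode(); }
}

// --- PolicyDemo.java (hypothetical driver) ---
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;

public class PolicyDemo {
    // True if code running as `user` holds PersonnelPermission "access".
    static boolean canAccess(String user) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new PrincipalImpl(user)); // needs "modifyPrincipals"
        PrivilegedAction<Boolean> check = () -> {
            try {
                AccessController.checkPermission(new PersonnelPermission("access"));
                return true;
            } catch (AccessControlException denied) {
                return false;
            }
        };
        // Null context: the decision rests on this code's grants plus the Subject's principals.
        return Subject.doAsPrivileged(subject, check, null); // needs "doAsPrivileged"
    }

    public static void main(String[] args) {
        System.out.println("Brad:    " + canAccess("Brad"));    // matches the principal grant
        System.out.println("Mallory: " + canAccess("Mallory")); // constructed name with no grant
    }
}
```

Because the first grant block names no codeBase or principal, its AuthPermissions apply to all code, so any loaded class can build a Subject this way. A production policy would scope "modifyPrincipals" and the other bootstrap permissions to the application's own codeBase.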