Saturday, March 1, 2008

A Java CAPS Custom Security Provider Enablement

Recently I had to enable a Java custom security provider implemented by a customer. The implementation is based on a set of JAR files included in Java Collaborations, providing some special signing and hashing security features.
To get those libraries working I just had to add a few lines to the server.policy file, which resides in:
logicalhost\is\domains\domain1\config
where domain1 is my target domain. The JAR files were put into
logicalhost\is\domains\domain1\lib\ext

Below is the additional permissions fragment:

// Basic set of required permissions granted to all remaining code
grant {
    ...
    // Java CAPS needs these permissions so that the Bouncy Castle provider can be used
    permission java.security.SecurityPermission "insertProvider.BC";
    permission java.security.SecurityPermission "removeProvider.BC";
    permission java.security.SecurityPermission "putProviderProperty.BC";

    //----------------------------------------------------------------------------
    // "InnoSec" custom security provider
    //----------------------------------------------------------------------------
    permission java.security.SecurityPermission "insertProvider.InnoSec";
    permission java.security.SecurityPermission "removeProvider.InnoSec";
    permission java.security.SecurityPermission "putProviderProperty.InnoSec";
    //----------------------------------------------------------------------------
    ...
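
To confirm that the three InnoSec entries above are in effect, the following probe checks each permission target and names the JDK call that triggers the check. It is an added example, not code from the original post or from the customer's provider; the class names ProviderPolicyProbe and StubProvider and the property "MessageDigest.PROBE" are made up for illustration, and the stub stands in for the real provider class, which the post does not show.

```java
import java.security.Provider;
import java.security.Security;
import java.security.SecurityPermission;

public class ProviderPolicyProbe {

    // Stand-in provider: the customer's real provider class is not shown in the post.
    static final class StubProvider extends Provider {
        StubProvider(String name) {
            super(name, 1.0, name + " stand-in (constructed for this example)");
        }
    }

    // True if the calling code holds the SecurityPermission with this target name.
    static boolean granted(String target) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            return true; // no security manager installed: server.policy is not enforced
        }
        try {
            sm.checkPermission(new SecurityPermission(target));
            return true;
        } catch (SecurityException denied) {
            return false;
        }
    }

    public static void main(String[] args) {
        String name = args.length > 0 ? args[0] : "InnoSec";
        // Each policy target is checked by the JDK call named beside it.
        String[][] checks = {
            {"insertProvider." + name, "Security.addProvider"},
            {"removeProvider." + name, "Security.removeProvider"},
            {"putProviderProperty." + name, "Provider.put"},
        };
        boolean all = true;
        for (String[] c : checks) {
            boolean ok = granted(c[0]);
            all &= ok;
            System.out.println((ok ? "granted " : "DENIED  ") + c[0] + "  (" + c[1] + ")");
        }
        // Exercise the real calls with the stub only, and never touch a provider
        // that is already registered under this name.
        if (all && Security.getProvider(name) == null) {
            Provider stub = new StubProvider(name);
            int position = Security.addProvider(stub);
            stub.put("MessageDigest.PROBE", "example.Probe"); // constructed property
            Security.removeProvider(name);
            System.out.println("round trip ok, stub was inserted at position " + position);
        }
    }
}
```

The permission check walks the calling stack, so the result reflects the code location the probe runs from; run it from the same place as the code that registers the provider.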