Saturday, March 1, 2008

A Java CAPS Custom Security Provider Enablement

Recently I had to enable a Java custom security provider implemented by a customer. The implementation is based on a set of JAR files included into Java Collaborations, providing some special signing and hashing security features.
To have that libraries working I just had to add few lines to the server.policy file, which resides into: 
logicalhost\is\domains\domain1\config
being domain1 my target domain. The JAR files were put into 
logicalhost\is\domains\domain1\lib\ext

Below the additional permissions fragment:

// Basic set of required permissions granted to all remaining code
grant {
    ...
    // Java CAPS needs these permissions so that the Bouncy Castle provider can be used
    permission java.security.SecurityPermission "insertProvider.BC";
    permission java.security.SecurityPermission "removeProvider.BC";
    permission java.security.SecurityPermission "putProviderProperty.BC";
    
    //----------------------------------------------------------------------------
    //  "InnoSec" custom security provider
    //----------------------------------------------------------------------------
    permission java.security.SecurityPermission "insertProvider.InnoSec";
    permission java.security.SecurityPermission "removeProvider.InnoSec";
    permission java.security.SecurityPermission "putProviderProperty.InnoSec";
    //----------------------------------------------------------------------------
    ...
Pubblicato da Unknown a Saturday, March 01, 2008
Etichette: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)