#8 Policy file parser error and MORE...

open
nobody
Security (2)
9
2002-02-20
2002-02-20
No

The aglet's policy file parser
(com.ibm.aglets.security.PolicyFileReader) does not
interpret the 'keystore' directive. Instead, it throws
an exception.

Furthermore (and more significant) the Aglets
Framework does not seem to support code authentication
based on signed jar files, DESPITE WHAT IS WRITTEN in
the aglets book, page 185, and at
http://www.trl.ibm.com/aglets/relnotes11b1.html

The framework simply IGNORES the 'signedBy' directive
(although the PolicyFileReader parses it), granting
permissions to unsigned code.

I don't know if it is a bug in the AgletClassLoader
(which extends ClassLoader, NOT SecureClassLoader or
URLClassLoader) or the JarAgletClassLoader, or in the
Policy implementation.

As it is obvious from AgletRunTime, the keystore used
for user authentication is (unless otherwise
specified) ${user.home}/.keystore.
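
What enforcing 'signedBy' amounts to at the JAR level, as an added example that is not part of the original report or of the Aglets code: it checks that every entry of a JAR carries a valid signature from the certificate stored under a given alias in the ${user.home}/.keystore mentioned above. The class name SignedByCheck, the method name and the command-line arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added illustration; class, method and argument names are hypothetical.
public class SignedByCheck {

    /** Names of JAR entries that do not carry a valid signature from 'trusted'. */
    static List<String> entriesNotSignedBy(String jarPath, Certificate trusted) throws Exception {
        List<String> unsigned = new ArrayList<>();
        try (JarFile jar = new JarFile(jarPath, true)) {           // true = verify signatures
            for (JarEntry entry : Collections.list(jar.entries())) {
                // Simplification: the manifest and signature files live under META-INF/
                // and are not themselves signed, so they are skipped.
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) continue;
                try (InputStream in = jar.getInputStream(entry)) {
                    // Signers are only available after a full read;
                    // a digest mismatch throws SecurityException here.
                    in.readAllBytes();
                }
                Certificate[] certs = entry.getCertificates();      // null for an unsigned entry
                if (certs == null || !Arrays.asList(certs).contains(trusted)) {
                    unsigned.add(entry.getName());
                }
            }
        }
        return unsigned;
    }

    // Usage: java SignedByCheck <jar> <alias> <keystore-password>
    public static void main(String[] args) throws Exception {
        String keystorePath = System.getProperty("user.home") + "/.keystore";
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, args[2].toCharArray());
        }
        Certificate trusted = ks.getCertificate(args[1]);
        if (trusted == null) throw new IllegalArgumentException("alias not in keystore: " + args[1]);

        List<String> unsigned = entriesNotSignedBy(args[0], trusted);
        unsigned.forEach(name -> System.out.println("NOT signed by " + args[1] + ": " + name));
        System.exit(unsigned.isEmpty() ? 0 : 1);
    }
}
```

At run time these certificates reach a policy check only if the class loader passes them in the CodeSource of the ProtectionDomain it defines each class with.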

Discussion

    • priority: 5 --> 9