The aglet's policy file parser
(com.ibm.aglets.security.PolicyFileReader) does not
interpret the 'keystore' directive. Instead, it throws
Furthermore (and more significant) the Aglets
Framework does not seem to support code authentication
based on signed jar files, DESPITE WHAT IS WRITTEN in
the aglets book, page 185, and at
The framework simply IGNORES the 'signedBy' directive
(although the PolicyFileReader parses it), granting
permissions to unsigned code.
I don't know if it is a bug in the AgletClassLoader
(which extends ClassLoader, NOT SecureClassLoader or
URLClassLoader) or the JarAgletClassLoader, or in the
As is obvious from AgletRunTime, the keystore used
for user authentication is (unless otherwise