thanks.
=================================================
1) A new JWS user is created in the certificate realm using:
com.sun.server.realm.certificate.CertificateRealm.createUser()
2) The user's certificate seems to be fine and is stored at:
data/certificateRealm/certificates
3) Now, another servlet checks this user's existence in the
certificate realm and creates a new Acl (within the cert realm)
and includes an entry for the user created in #1 & #2. This
is done using:
    owner = certRealm.getUser("admin");
    user = certRealm.getUser(userName);
    acl = certRealm.addAcl(aclName, owner);
    user = certRealm.getUser(userName);
    entry = new AclEntryImpl(user);
    for (int i = 0; i < perms.length; i++)
        entry.addPermission(perms[i]);
    if (acl.addEntry(owner, entry) == false)
        System.out.println("Failed to add entry: " + entry);
4) However, the AclEntry does not seem to get properly "added"
into the newly created acl since the acl file does not seem to
have all the relevant X.500 principal related information about
the entry. E.g., after the above entry addition, the acl file: test.acl
in data/certificateRealm is:
0000000 \0 \0 \0 005 + U s e r \0 \0 \0 212 0 \0 \0
0000020 \0 003 G e t
0000025
5) Because the entry did not get properly added to the acl, when
we retrieve the acl later on (by doing certRealm.getAcl(aclName)),
we get the following exception:
javawebserver: java.lang.NullPointerException
javawebserver: at sun.security.x509.X500Name.parseDER(X500Name.java:351)
javawebserver: at sun.security.x509.X500Name.<init>(X500Name.java:172)
javawebserver: at com.sun.server.realm.certificate.CertificateAcl.readEntry(CertificateAcl.java:280)
javawebserver: at com.sun.server.realm.certificate.CertificateAcl.loadAcl(CertificateAcl.java:103)
javawebserver: at com.sun.server.realm.certificate.CertificateAclInfo.getAcl(CertificateAclInfo.java:118)
javawebserver: at com.sun.server.realm.certificate.CertificateRealm.getAcl(CertificateRealm.java:109)
I am not sure why the AclEntry is not successfully being added
to newly created Acl since all the Certificate Realm user
information is available in the user's certificate stored in
data/certificateRealm/certificates.
Also, the JWS processes are owned by the same user that owns the
complete directory under /JavaWebServer1.1 (including /realms).
When I attempt to add the "admin" user as a new AclEntry
to this acl, it seems to be added fine. However, as soon as I
add a newly created certificate realm user, the acl entry is incomplete,
and fails to load when I try to do certRealm.get(aclName).
I'm also not sure why acl.addEntry is not raising an exception
if it is failing to update the acl properly.
This problem recently started on Solaris and is not a problem
on NT. I'm suspecting that there are filesystem problems, but
everything checks out fine w.r.t. directory/file permissions.
Also, does anyone know why the JWS creates an *.acl.tmp
file initially?
thanks.
--
Zahid Ahmed
Veo Systems Inc. (formerly CNgroup, Inc.)
Commerce Security Architect
zahmed@veosystems.com
http://www.veosystems.com
v:(650) 623-2814
2440 West El Camino Real, Floor 7
fax:(650) 938-8055
Mountain View, CA 94040
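
An added example, not part of the original post and not JWS code: it rebuilds the bytes of test.acl from the od -c dump in step 4 and walks them as 4-byte big-endian length-prefixed fields, reporting the first field that declares more bytes than the file holds. That field layout is an assumption inferred from the dump, not documented JWS behaviour, and the helper names are hypothetical.

```python
import struct

# Transcribed from the od -c dump of test.acl quoted in step 4 of the post.
OD_DUMP = r"""
0000000 \0 \0 \0 005 + U s e r \0 \0 \0 212 0 \0 \0
0000020 \0 003 G e t
0000025
"""

ESCAPES = {r"\0": 0, r"\a": 7, r"\b": 8, r"\t": 9, r"\n": 10,
           r"\v": 11, r"\f": 12, r"\r": 13}

def od_c_to_bytes(dump):
    """Rebuild raw bytes from `od -c` text (space bytes and '*' repeats not handled)."""
    out = bytearray()
    for line in dump.strip().splitlines():
        for tok in line.split()[1:]:        # first column is the octal offset
            if tok in ESCAPES:
                out.append(ESCAPES[tok])
            elif len(tok) == 3 and tok.isdigit():
                out.append(int(tok, 8))     # non-printable byte shown in octal
            else:
                out.append(ord(tok))        # printable character
    return bytes(out)

def scan_fields(data):
    """Assumed layout: repeated [4-byte big-endian length][payload].
    Returns (complete_fields, problem); problem is None if every field fits."""
    pos, fields = 0, []
    while pos + 4 <= len(data):
        (length,) = struct.unpack_from(">I", data, pos)
        start = pos + 4
        if start + length > len(data):
            first = data[start] if start < len(data) else None
            return fields, {"offset": pos, "declared": length,
                            "available": len(data) - start,
                            "first_byte": first}
        fields.append(data[start:start + length])
        pos = start + length
    return fields, None

if __name__ == "__main__":
    fields, problem = scan_fields(od_c_to_bytes(OD_DUMP))
    print("complete fields:", fields)
    print("first overrun:", problem)
```

Read this way, the second field declares 138 bytes while 8 remain, and the first of those is 0x30, the DER SEQUENCE tag, which fits the report that the entry's X.500 name was not fully written.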