Daniel Doubrovkine bio photo

Daniel Doubrovkine

aka dB., CTO at artsy.net, fun at playplay.io, NYC

Email Twitter LinkedIn Github

I struggled with this one. Here’s how to get JNA and Waffle to work under a Java security manager. In my case I have a Tomcat 5.5 which is launched with -security. Here’s the complete command-line.

@echo off
setlocal
set JAVA_OPTS=-Djava.security.auth.login.config="webapps/waffle-jaas/login.conf" -Djava.security.auth.policy="webapps/waffle-jaas/jaas.policy"
call bin/catalina.bat run -security
endlocal

Place all the JARs in waffle/lib and added the folder to the common class loader in conf/catalina.properties. You can just put the files in common/lib of course.

common.loader=...,${catalina.base}/waffle/lib/*.jar

Grant JNA permissions for your web applications in conf/catalina.policy _and allow it to load a native library from a temporary location. JNA also tries to unpack _jnidispatch.dll for the proper platform into a temporary location from its own JAR, and then load it. If the load fails you typically get a “java.lang.UnsatisfiedLinkError: jnidispatch (/com/sun/jna/win32-x86/jnidispatch.dll) not found in resource path” exception.

The grants in my conf/catalina.policy look like this.

grant {
    ...

    // JNA
    permission java.util.PropertyPermission "jna.boot.library.path", "read";
    permission java.lang.RuntimePermission "loadLibrary.jnidispatch";
};

grant codeBase "file:${catalina.home}/waffle/lib/-" {
        permission java.security.AllPermission;
};

Because we’re dealing with authenticators in Waffle, grant catalina authenticator and realm classes runtime permissions.

permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.*";

With this I was able to run all Waffle demos.