I struggled with this one. Here’s how to get JNA and Waffle to work under a Java security manager. In my case I have a Tomcat 5.5 which is launched with -security. Here’s the complete command-line.
@echo off
setlocal
set JAVA_OPTS=-Djava.security.auth.login.config="webapps/waffle-jaas/login.conf" -Djava.security.auth.policy="webapps/waffle-jaas/jaas.policy"
call bin/catalina.bat run -security
endlocalPlace all the JARs in waffle/lib and added the folder to the common class loader in conf/catalina.properties. You can just put the files in common/lib of course.
common.loader=...,${catalina.base}/waffle/lib/*.jarGrant JNA permissions for your web applications in conf/catalina.policy _and allow it to load a native library from a temporary location. JNA also tries to unpack _jnidispatch.dll for the proper platform into a temporary location from its own JAR, and then load it. If the load fails you typically get a “java.lang.UnsatisfiedLinkError: jnidispatch (/com/sun/jna/win32-x86/jnidispatch.dll) not found in resource path” exception.
The grants in my conf/catalina.policy look like this.
grant {
...
// JNA
permission java.util.PropertyPermission "jna.boot.library.path", "read";
permission java.lang.RuntimePermission "loadLibrary.jnidispatch";
};
grant codeBase "file:${catalina.home}/waffle/lib/-" {
permission java.security.AllPermission;
};
Because we’re dealing with authenticators in Waffle, grant catalina authenticator and realm classes runtime permissions.
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.*";
With this I was able to run all Waffle demos.