Domino Agent struggling with Java security using third party jar in /jvm/lib/ext

Question

I am running into a Java security problem. I have an agent which uses the pdfbox-1.7.1.jar to decrypt a PDF whose password I know. The jar has been placed in /jvm/lib/ext on

Answer 1

Thanks to Richard, Simon, Mark Myers, and giulio for looking at the question.

I finally got round to understanding Mikkel's article (by reading it really slowly) on:

http://lekkimworld.com/2013/06/20/java_in_notes_domino_explained_on_java_security_and_how_it_relates_to_notes_domino.html

The solution was easier than I thought, I was confused by the reflection example.

It's a more elegant way than modifying the java.policy file (which I didn't manage, btw).

I modified the class that was creating troubles when I was calling its decrypt() method by adding a new method dopriviledgeddecrypt() which is a cunning wrapper around the method that was causing troubles. I then modified all the callers to PDFDecryptor.decrypt() so that they were calling PDFDecryptor.dopriviledgeddecrypt(). The last step involves exporting the whole class to a jar file, which is then placed in the \jvm\lib\ext folder on both the machine where you are developing (in the client) and on all the servers where this code will run.

I was also unable to find out whether there is a syntax for modifying the java.policy file so that it affects only a single Notes Database. (Update: I now know that this is not possible)

package com.magerman.hremail.prep1docc;

public class PDFDecryptor {

/**
 * Instantiates a new pDF decryptor.
 * 
 * @param inputFile
 *            the input file
 * @param inputPassword
 *            the input password
 */
public PDFDecryptor(final File inputFile, final String inputPassword) {
originalFile = inputFile;
password = inputPassword;
}

/**
 * Decrypt. Given an inputted PDF File, will try to remove the security of
 * the PDF and save in-place. Done after the attachments have been extracted
 */
public final void decrypt() {
// naughty code here
}


public final void doproviledgeddecrypt() throws Exception {
AccessController.doPrivileged(new PrivilegedExceptionAction() {
    public Object run() throws Exception {
    PDFDecryptor.this.decrypt();
    return null;
    }
});
}

}