[jboss-cvs] JBossAS SVN: r76434 - branches/JBPAPP_4_3_0_GA_CC/system/src/bin.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Jul 29 15:20:09 EDT 2008
Author: pskopek at redhat.com
Date: 2008-07-29 15:20:09 -0400 (Tue, 29 Jul 2008)
New Revision: 76434
Modified:
branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy
Log:
Security policy fixes to make JBoss start with security manager on.
Modified: branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy
===================================================================
--- branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy 2008-07-29 19:18:05 UTC (rev 76433)
+++ branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy 2008-07-29 19:20:09 UTC (rev 76434)
@@ -41,88 +41,128 @@
grant codeBase "file:${jboss.server.home.dir}/lib/-" {
permission java.security.AllPermission;
};
+//grant codeBase "file:${jboss.server.home.dir}/conf/-" {
+// permission java.security.AllPermission;
+//};
+grant codeBase "file:${jboss.server.home.dir}/-" {
+ permission javax.management.MBeanTrustPermission "*";
+// permission java.io.FilePermission "file:${jboss.server.home.dir}/-", "read,write,delete";
+ permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+ permission javax.management.MBeanPermission "*", "*";
+
+ permission java.lang.RuntimePermission "setContextClassLoader";
+ permission java.lang.RuntimePermission "accessDeclaredMembers";
+ permission java.lang.RuntimePermission "createClassLoader";
+ permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.setPrincipalInfo";
+ permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.getPrincipalInfo";
+ permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.setRunAsRole";
+
+ permission java.util.PropertyPermission "*", "read,write";
+ permission java.security.SecurityPermission "getProperty.package.definition";
+ permission java.security.SecurityPermission "setProperty.package.definition";
+ permission java.security.SecurityPermission "getProperty.package.access";
+ permission java.security.SecurityPermission "setProperty.package.access";
+ permission java.security.SecurityPermission "setPolicy";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+ // TODO: specify exact ports
+ permission java.net.SocketPermission "*:1024-", "accept,listen";
+ permission java.util.logging.LoggingPermission "control";
+
+ permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+};
+
+//grant codeBase "file:${jboss.server.home.dir}/tmp/-" {
+// permission java.io.FilePermission "file:${jboss.server.home.dir}/-", "read,write,delete";
+// permission javax.management.MBeanPermission "*", "*";
+//};
+
// Trust all the jars in the server lib that JBoss has shipped
-grant codeBase "file:${jboss.home.dir}/lib/activation.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/antlr.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/autonumber-plugin.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/avalon-framework.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/bcel.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/bindingservice-plugin.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/bsf.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/bsh-deployer.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/bsh.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/cglib.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/commons-codec.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/commons-collections.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/commons-httpclient.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/commons-logging.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/dom4j.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/ejb3-persistence.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/el-api.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/hibernate3.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/hibernate-annotations.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/hibernate-entitymanager.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/hsqldb.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/hsqldb-plugin.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jacorb.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/javassist.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jaxen.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-cache-jdk50.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-common-jdbc-wrapper.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-ejb3x.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jbossha.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-hibernate.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-iiop.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-j2ee.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-jaxrpc.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-jaxws.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-jca.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-jsr77.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-jsr88.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jbossjta-integration.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jbossjta.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-management.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-messaging-client.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-messaging.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-monitoring.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jbossemoting-int.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jbossemoting.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-saaj.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-serialization.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-srp.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jbosssx.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-transaction.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jbossts-common.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-vfs.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jbossws-common.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jbossws-framework.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jbossws-jboss42.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jbossws-spi.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jgroups.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jmx-adaptor-plugin.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jnpserver.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/joesnmp.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jpl-pattern.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jpl-util.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jsp-api.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/log4j.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/log4j-snmp-appender.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/mail.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/mail-plugin.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/properties-plugin.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/quartz.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/scheduler-plugin-example.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/scheduler-plugin.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/servlet-api.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/xmlentitymgr.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-system.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-jmx.jar" { permission java.security.AllPermission; };
-grant codeBase "file:${jboss.home.dir}/lib/jboss-common.jar" { permission java.security.AllPermission; };
+grant codeBase "file:${jboss.home.dir}/lib/-" {
+ permission java.security.AllPermission;
+};
+//grant codeBase "file:${jboss.home.dir}/lib/activation.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/antlr.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/autonumber-plugin.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/avalon-framework.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/bcel.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/bindingservice-plugin.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/bsf.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/bsh-deployer.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/bsh.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/cglib.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/commons-codec.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/commons-collections.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/commons-httpclient.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/commons-logging.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/dom4j.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/ejb3-persistence.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/el-api.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/hibernate3.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/hibernate-annotations.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/hibernate-entitymanager.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/hsqldb.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/hsqldb-plugin.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jacorb.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/javassist.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jaxen.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-cache-jdk50.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-common-jdbc-wrapper.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-ejb3x.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jbossha.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-hibernate.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-iiop.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-j2ee.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-jaxrpc.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-jaxws.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-jca.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-jsr77.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-jsr88.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jbossjta-integration.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jbossjta.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-management.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-messaging-client.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-messaging.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-monitoring.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jbossemoting-int.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jbossemoting.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-saaj.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-serialization.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-srp.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jbosssx.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-transaction.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jbossts-common.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-vfs.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jbossws-common.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jbossws-framework.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jbossws-jboss42.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jbossws-spi.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jgroups.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jmx-adaptor-plugin.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jnpserver.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/joesnmp.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jpl-pattern.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jpl-util.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jsp-api.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/log4j.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/log4j-snmp-appender.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/mail.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/mail-plugin.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/properties-plugin.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/quartz.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/scheduler-plugin-example.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/scheduler-plugin.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/servlet-api.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/xmlentitymgr.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-system.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-jmx.jar" { permission java.security.AllPermission; };
+//grant codeBase "file:${jboss.home.dir}/lib/jboss-common.jar" { permission java.security.AllPermission; };
+
//**************************************************************
//
// Section 3: JBoss EAP Testsuite Permissions
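Review bot: The new grant for `file:${jboss.server.home.dir}/-` is close to AllPermission for everything loaded from the server directory, which by the codeBase pattern would include deployed applications and tmp content. `SecurityPermission "setPolicy"`, `RuntimePermission "createClassLoader"` and `ReflectPermission "suppressAccessChecks"` each let the holder step outside the sandbox, and `FilePermission "<<ALL FILES>>"` with write and delete lets it alter the jars that the new `${jboss.home.dir}/lib/-` wildcard trusts unconditionally. I would move those three permissions to the specific codeBase that needs them and scope file access to the server directory. The commented-out line gives the target as a `file:` URL, but FilePermission takes a path, so it should read `permission java.io.FilePermission "${jboss.server.home.dir}/-", "read,write,delete";`. `PropertyPermission "*", "read,write"` and the `*:1024-` socket grant already marked TODO deserve the same narrowing, and the `lib/-` wildcard should carry a comment that any jar placed in lib becomes fully trusted.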