[jboss-cvs] JBossAS SVN: r80848 - branches/JBPAPP_4_2_0_GA_CP/system/src/bin.

Wed Nov 12 04:48:27 EST 2008

Author: pskopek at redhat.com
Date: 2008-11-12 04:48:27 -0500 (Wed, 12 Nov 2008)
New Revision: 80848

Modified:
   branches/JBPAPP_4_2_0_GA_CP/system/src/bin/security_cc.policy
Log:
JBOSSCC-7: Policy changes regarding oracle JDBC driver. Minor tidy up and missing permission added.

Modified: branches/JBPAPP_4_2_0_GA_CP/system/src/bin/security_cc.policy
===================================================================

--- branches/JBPAPP_4_2_0_GA_CP/system/src/bin/security_cc.policy	2008-11-12 09:22:14 UTC (rev 80847)
+++ branches/JBPAPP_4_2_0_GA_CP/system/src/bin/security_cc.policy	2008-11-12 09:48:27 UTC (rev 80848)
@@ -542,6 +542,8 @@
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    
    permission javax.security.auth.PrivateCredentialPermission "javax.resource.spi.security.PasswordCredential * \"*\"", "read";
+   permission javax.security.auth.PrivateCredentialPermission "javax.crypto.spec.SecretKeySpec * \"*\"", "read";
+   permission javax.security.auth.PrivateCredentialPermission "org.jboss.security.srp.SRPParameters * \"*\"", "read";
 
    permission java.security.SecurityPermission "getPolicy";
    permission java.lang.RuntimePermission "accessClassInPackage.*";
@@ -551,7 +553,8 @@
 
    permission javax.security.auth.AuthPermission "createLoginContext.*";
    permission javax.security.auth.AuthPermission "getLoginConfiguration";
-
+   
+   permission java.net.SocketPermission "*", "connect,accept,resolve";
 };
 
 
@@ -567,12 +570,25 @@
    permission java.util.PropertyPermission "*", "read";
    permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
    permission java.security.SecurityPermission "putProviderProperty.JBossSX";
-   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>", "bind,rebind,unbind,lookup,list,listBindings,createSubcontext"; 
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>", "bind,rebind,unbind,lookup,list,listBindings,createSubcontext";
 };
 
-// Following JDBC driver is included just for CC test purpose 
+// Following JDBC driver is included just for CC test purpose. 
+// Uncomment this when testing agains Oracle DB or create your own for DB you are using.
 grant codeBase "file:${jboss.server.home.dir}/lib/ojdbc14.jar" {
-   permission java.security.AllPermission;
+   permission java.net.SocketPermission "dev68.qa.atl2.redhat.com:1521", "connect";
+
+   permission java.util.PropertyPermission "oracle.net.wallet_location", "read";
+   permission java.util.PropertyPermission "oracle.jdbc.TcpNoDelay", "read";
+   permission java.util.PropertyPermission "oracle.jdbc.defaultNChar", "read";
+   permission java.util.PropertyPermission "oracle.jdbc.useFetchSizeWithLongColumn", "read";
+   permission java.util.PropertyPermission "oracle.jdbc.convertNcharLiterals", "read";
+   permission java.util.PropertyPermission "oracle.jdbc.V8Compatible", "read";
+   permission java.util.PropertyPermission "oracle.jdbc.J2EE13Compliant", "read";
+   permission java.util.PropertyPermission "oracle.jdbc.FastConnectionFailover", "read";   
+   permission java.util.PropertyPermission "oracle.net.tns_admin", "read";
+   permission java.util.PropertyPermission "line.separator", "read";
+   permission java.util.PropertyPermission "user.name", "read";
 };
 
 //*******************End JBoss EAP Testsuite Permissions*********
@@ -585,7 +601,5 @@
 //**************************************************************
 // Minimal permissions are allowed to everyone else
 grant {
-   permission java.util.PropertyPermission "*", "read";
    permission java.lang.RuntimePermission "queuePrintJob";
-   permission java.net.SocketPermission "*", "connect";
 };


