[jboss-cvs] JBossAS SVN: r77971 - branches/JBPAPP_4_3_0_GA_CC/system/src/bin.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Sep 4 09:03:09 EDT 2008
Author: pskopek at redhat.com
Date: 2008-09-04 09:03:09 -0400 (Thu, 04 Sep 2008)
New Revision: 77971
Modified:
branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy
Log:
Security policy tidying up.
Modified: branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy
===================================================================
--- branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy 2008-09-04 12:42:33 UTC (rev 77970)
+++ branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy 2008-09-04 13:03:09 UTC (rev 77971)
@@ -35,23 +35,28 @@
grant codeBase "file:${jboss.home.dir}/bin/-" {
permission java.security.AllPermission;
};
+
+// Trust all the jars in the server lib that JBoss has shipped
+grant codeBase "file:${jboss.home.dir}/lib/-" {
+ permission java.security.AllPermission;
+};
+
grant codeBase "file:${jboss.server.home.dir}/work/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${jboss.server.home.dir}/lib/-" {
permission java.security.AllPermission;
};
-//grant codeBase "file:${jboss.server.home.dir}/conf/-" {
-// permission java.security.AllPermission;
-//};
grant codeBase "file:${jboss.server.home.dir}/-" {
- permission javax.management.MBeanTrustPermission "*";
permission java.io.FilePermission "${jboss.server.home.dir}/-", "read,write,delete";
permission java.io.FilePermission "${java.io.tmpdir}", "read,write,delete";
-// permission java.io.FilePermission "<<ALL FILES>>", "read";
- permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+ permission java.io.FilePermission "<<ALL FILES>>", "read";
+
+ // MBean permissions
+ permission javax.management.MBeanTrustPermission "*";
+ permission javax.management.MBeanServerPermission "findMBeanServer";
permission javax.management.MBeanPermission "*", "*";
permission java.lang.RuntimePermission "setContextClassLoader";
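Review bot: With `<<ALL FILES>>` narrowed to `read`, the unchanged line `permission java.io.FilePermission "${java.io.tmpdir}", "read,write,delete";` becomes the only write grant aimed at the temp directory, and without a trailing `/-` it covers the directory entry itself rather than the files inside it. Unless `java.io.tmpdir` resolves to a path under `${jboss.server.home.dir}`, temp-file creation by code under this grant would probably be denied; `"${java.io.tmpdir}${/}-"` would cover it. The remaining `<<ALL FILES>>` read still lets every deployment read any file the server process can read, so a comment recording why it is needed would help, e.g. `// TODO: narrow to the directories deployments actually read`. The grant block continues past the end of this hunk.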
@@ -61,7 +66,6 @@
permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.getPrincipalInfo";
permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.setServer";
permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.setRunAsRole";
- permission java.lang.RuntimePermission "setIO";
permission java.lang.RuntimePermission "loadLibrary.tcnative-1";
permission java.lang.RuntimePermission "loadLibrary.libtcnative-1";
@@ -88,112 +92,33 @@
permission javax.security.auth.PrivateCredentialPermission "javax.resource.spi.security.PasswordCredential * \"*\"", "read";
// experimental
- permission java.lang.RuntimePermission "createSecurityManager";
- permission java.lang.RuntimePermission "setSecurityManager";
+ //permission java.lang.RuntimePermission "createSecurityManager";
+ //permission java.lang.RuntimePermission "setSecurityManager";
-};
+ permission java.security.SecurityPermission "getPolicy";
+ permission java.lang.RuntimePermission "accessClassInPackage.*";
+ permission java.lang.RuntimePermission "getClassLoader";
+ permission java.lang.RuntimePermission "getProtectionDomain";
+ permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.getSubject";
-//grant codeBase "file:${jboss.server.home.dir}/tmp/-" {
-// permission java.io.FilePermission "file:${jboss.server.home.dir}/-", "read,write,delete";
-// permission javax.management.MBeanPermission "*", "*";
-//};
+ permission javax.security.auth.AuthPermission "createLoginContext.*";
+ permission javax.security.auth.AuthPermission "getLoginConfiguration";
-// Trust all the jars in the server lib that JBoss has shipped
-grant codeBase "file:${jboss.home.dir}/lib/-" {
- permission java.security.AllPermission;
};
-//grant codeBase "file:${jboss.home.dir}/lib/activation.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/antlr.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/autonumber-plugin.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/avalon-framework.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/bcel.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/bindingservice-plugin.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/bsf.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/bsh-deployer.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/bsh.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/cglib.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/commons-codec.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/commons-collections.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/commons-httpclient.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/commons-logging.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/dom4j.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/ejb3-persistence.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/el-api.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/hibernate3.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/hibernate-annotations.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/hibernate-entitymanager.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/hsqldb.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/hsqldb-plugin.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jacorb.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/javassist.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jaxen.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-cache-jdk50.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-common-jdbc-wrapper.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-ejb3x.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jbossha.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-hibernate.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-iiop.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-j2ee.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-jaxrpc.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-jaxws.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-jca.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-jsr77.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-jsr88.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jbossjta-integration.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jbossjta.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-management.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-messaging-client.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-messaging.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-monitoring.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jbossemoting-int.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jbossemoting.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-saaj.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-serialization.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-srp.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jbosssx.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-transaction.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jbossts-common.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-vfs.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jbossws-common.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jbossws-framework.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jbossws-jboss42.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jbossws-spi.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jgroups.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jmx-adaptor-plugin.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jnpserver.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/joesnmp.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jpl-pattern.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jpl-util.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jsp-api.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/log4j.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/log4j-snmp-appender.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/mail.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/mail-plugin.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/properties-plugin.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/quartz.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/scheduler-plugin-example.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/scheduler-plugin.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/servlet-api.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/xmlentitymgr.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-system.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-jmx.jar" { permission java.security.AllPermission; };
-//grant codeBase "file:${jboss.home.dir}/lib/jboss-common.jar" { permission java.security.AllPermission; };
-
//**************************************************************
//
// Section 3: JBoss EAP Testsuite Permissions
//
//**************************************************************
-grant codeBase "file:${jboss.test.deploy.dir}/securitymgr-ejb.jar" {
- permission java.util.PropertyPermission "*", "read";
- permission java.lang.RuntimePermission "queuePrintJob";
- permission java.net.SocketPermission "*", "connect";
-};
+//grant codeBase "file:${jboss.test.deploy.dir}/securitymgr-ejb.jar" {
+// permission java.util.PropertyPermission "*", "read";
+// permission java.lang.RuntimePermission "queuePrintJob";
+// permission java.net.SocketPermission "*", "connect";
+//};
// Permissions for the WarPermissionsUnitTestCase
//Permissions for crypto tests (putProvider)
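Review bot: The permissions added in this hunk (`getPolicy`, `accessClassInPackage.*`, `getClassLoader`, `getProtectionDomain`, `createLoginContext.*`, `getLoginConfiguration`) appear to land in the `${jboss.server.home.dir}/-` grant opened in the first hunk, so they would apply to every deployment under the server home. The last hunk removes the same entries from another grant whose codeBase header is not visible here, which may have been narrower. `accessClassInPackage.*` in particular lifts the package-access restriction for all of that code. The `findMBeanServer` line added in the first hunk joins the existing `MBeanPermission "*", "*"`, while the last hunk drops the object-scoped `"invoke"` entries that named individual MBeans. I would keep these in a grant for the codeBase that needs them, or at least add a comment above them such as `// required by <component>; applies to all code under server home`.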
@@ -201,8 +126,6 @@
permission java.util.PropertyPermission "*", "read";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
permission java.security.SecurityPermission "putProviderProperty.JBossSX";
- // !!!! Experimenal, should be changed to more specific
- //permission org.apache.naming.JndiPermission "*";
};
//*******************End JBoss EAP Testsuite Permissions*********
@@ -218,17 +141,4 @@
permission java.util.PropertyPermission "*", "read";
permission java.lang.RuntimePermission "queuePrintJob";
permission java.net.SocketPermission "*", "connect";
- permission java.security.SecurityPermission "getPolicy";
- permission java.lang.RuntimePermission "accessClassInPackage.*";
- permission java.lang.RuntimePermission "getClassLoader";
- permission java.lang.RuntimePermission "getProtectionDomain";
- permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.getSubject";
- permission javax.management.MBeanServerPermission "findMBeanServer";
- permission javax.management.MBeanPermission "org.jboss.mx.modelmbean.XMBean#*[JMImplementation:type=MBeanRegistry]", "*";
- permission javax.management.MBeanPermission "org.jboss.security.plugins.AuthorizationManagerService#*[jboss.security:service=AuthorizationManager]", "invoke";
- permission javax.management.MBeanPermission "org.jboss.security.auth.login.XMLLoginConfig#*[jboss.security:service=XMLLoginConfig]", "invoke";
- permission javax.management.MBeanPermission "org.jboss.security.plugins.JaasSecurityManagerService#*[jboss.security:service=JaasSecurityManager]", "invoke";
-
- permission javax.security.auth.AuthPermission "createLoginContext.*";
- permission javax.security.auth.AuthPermission "getLoginConfiguration";
};