[jboss-cvs] JBossAS SVN: r104174 - branches/JBPAPP_5_0/main/src/bin.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Apr 22 15:17:41 EDT 2010
Author: fnasser at redhat.com
Date: 2010-04-22 15:17:41 -0400 (Thu, 22 Apr 2010)
New Revision: 104174
Added:
branches/JBPAPP_5_0/main/src/bin/server.policy.cert
Log:
JBPAPP-4019: include the public key file of code signing to be in the bin direct (anil.saldhana at jboss.com)
Copied: branches/JBPAPP_5_0/main/src/bin/server.policy.cert (from rev 103054, branches/JBPAPP_5_0_1/main/src/bin/server.policy.cert)
===================================================================
--- branches/JBPAPP_5_0/main/src/bin/server.policy.cert (rev 0)
+++ branches/JBPAPP_5_0/main/src/bin/server.policy.cert 2010-04-22 19:17:41 UTC (rev 104174)
@@ -0,0 +1,64 @@
+// The Java2 security policy for EAP5 with signed jars
+// Install with -Djava.security.policy==server.policy.cert
+// and -Djboss.home.dir=path_to_jboss_distribution
+
+keystore "file:${java.home}/lib/security/cacerts";
+
+// ***************************************
+// Trusted core Java code
+//***************************************
+grant codeBase "file:${java.home}/lib/ext/-" {
+ permission java.security.AllPermission;
+};
+grant codeBase "file:${java.home}/lib/*" {
+ permission java.security.AllPermission;
+};
+// For java.home pointing to the JDK jre directory
+grant codeBase "file:${java.home}/../lib/*" {
+ permission java.security.AllPermission;
+};
+
+
+// ***************************************
+// Trusted core JBoss code
+//***************************************
+grant codeBase "file:${jboss.home.dir}/bin/run.jar" {
+ permission java.security.AllPermission;
+};
+
+grant signedBy "jboss" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/quartz-ra.rar/-" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.home.dir}/server/default/deploy/uuid-key-generator.sar/-" {
+ permission javax.management.MBeanTrustPermission "register";
+ permission javax.management.MBeanPermission "*", "getAttribute";
+ permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup,rebind,unbind";
+ permission java.lang.RuntimePermission "getClassLoader";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/http-invoker.sar/invoker.war/-" {
+ permission javax.management.MBeanPermission "*", "addNotificationListener,getAttribute";
+ permission javax.management.MBeanServerPermission "findMBeanServer";
+ permission java.lang.RuntimePermission "getClassLoader";
+};
+
+
+//****************************************************************
+// Default block of permissions
+// Minimal permissions are allowed to everyone else
+//****************************************************************
+grant {
+ permission java.io.FilePermission "${jboss.server.home.dir}/tmp/-", "read";
+ permission java.io.FilePermission "${jboss.home.dir}/common/lib/quartz.jar/org/quartz/quartz.properties", "read";
+ permission java.io.FilePermission "${jboss.home.dir}/common/lib/quartz.jar", "read";
+ permission java.io.FilePermission "${jboss.home.dir}/common/lib", "read";
+ permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
+ permission java.io.FilePermission "quartz.properties", "read";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.lang.RuntimePermission "queuePrintJob";
+};
More information about the jboss-cvs-commits
mailing list