[jboss-remoting-commits] JBoss Remoting SVN: r3917 - remoting2/branches/2.x/src/etc.

jboss-remoting-commits at lists.jboss.org jboss-remoting-commits at lists.jboss.org
Wed Apr 9 02:59:23 EDT 2008 

Author: ron.sigal at jboss.com
Date: 2008-04-09 02:59:23 -0400 (Wed, 09 Apr 2008)
New Revision: 3917

Added:
   remoting2/branches/2.x/src/etc/remoting.security.policy.tests.marshal
Log:
JBREM-920, JBREM-934: New policy file for remote classloading marshal tests.

Added: remoting2/branches/2.x/src/etc/remoting.security.policy.tests.marshal
===================================================================
--- remoting2/branches/2.x/src/etc/remoting.security.policy.tests.marshal	                        (rev 0)
+++ remoting2/branches/2.x/src/etc/remoting.security.policy.tests.marshal	2008-04-09 06:59:23 UTC (rev 3917)
@@ -0,0 +1,136 @@
+// JBoss, Home of Professional Open Source
+// Copyright 2005, JBoss Inc., and individual contributors as indicated
+// by the @authors tag. See the copyright.txt in the distribution for a
+// full listing of individual contributors.
+//
+// This is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation; either version 2.1 of
+// the License, or (at your option) any later version.
+//
+// This software is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this software; if not, write to the Free
+// Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+// 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+//
+
+//****************************************************************************************************************************************************************
+//****************************************************************************************************************************************************************
+//******************************************************************
+//****   Permissions needed by Remoting to run the test suite   ****
+//******************************************************************
+//******************************************************************     
+
+grant codeBase "file:${build.home}/output/lib/jboss-remoting.jar"
+{
+    // Permission to read test keystores
+    permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}-", "read";
+    
+    // Permission for org.jboss.remoting.callback.CallbackStore
+    permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}-", "read, write, delete";
+    
+    // org.jboss.test.remoting.detection.metadata.MetadataTestCase
+    permission javax.management.MBeanPermission "org.jboss.test.remoting.detection.metadata.MetadataTestCase$TestNetworkRegistry#-[remoting:type=NetworkRegistry]", "isInstanceOf";
+
+    // org.jboss.ant.taskdefs.XMLJUnitMultipleResultFormatter calls
+    // org.jboss.remoting.util.SystemUtility
+    permission java.util.PropertyPermission "jboss-junit-configuration", "read";
+};
+
+
+//****************************************************************************************************************************************************************
+//****************************************************************************************************************************************************************
+//****************************************************************************
+//****                  Permissions used by the test suite                ****
+//****                          (tests.marshall)                          ****
+//****************************************************************************
+//****************************************************************************
+
+grant codeBase "file:${build.home}/output/lib/jboss-remoting-tests.jar"
+{
+    permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}classloader${/}race${/}test.jar", "read";
+
+    // Used by the descendents of org.jboss.test.remoting.shutdown.ShutdownTestParent.
+    permission java.io.FilePermission "<<ALL FILES>>", "execute";
+    
+    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+
+    permission java.lang.RuntimePermission "enableContextClassLoaderOverride";
+    permission java.lang.RuntimePermission "createClassLoader";
+    permission java.lang.RuntimePermission "getClassLoader";
+    permission java.lang.RuntimePermission "setContextClassLoader";
+        
+    permission javax.management.MBeanTrustPermission "register";
+
+    permission javax.management.MBeanServerPermission "createMBeanServer, findMBeanServer";
+    permission javax.management.MBeanPermission "org.jboss.remoting.transport.*#-[jboss.remoting:service=invoker,*]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf";
+    permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:type=Connector,*]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf";
+    permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[test:type=connector]", "registerMBean";
+    permission javax.management.MBeanPermission "org.jboss.test.remoting.detection.metadata.MetadataTestCase$TestNetworkRegistry#-[remoting:type=NetworkRegistry]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf, addNotificationListener";
+    permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf, addNotificationListener";
+    permission javax.management.MBeanPermission "org.jboss.remoting.detection.multicast.MulticastDetector#-[remoting:*]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf";
+    permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#-[jboss:type=serversocketfactory]", "registerMBean, queryMBeans, isInstanceOf";
+    permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.config.FactoryConfigTestCaseParent$SelfIdentifyingServerSocketFactory#-[jboss:type=serversocketfactory]", "registerMBean, queryMBeans, isInstanceOf";
+    permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#-[jboss:type=serversocketfactory2]", "registerMBean";
+    permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#createServerSocket[jboss:*]", "invoke";
+    permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.rmi.ssl.config.FactoryConfigTestCase$SerializableServerSocketFactory#-[jboss:type=serversocketfactory]", "registerMBean";
+    permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.rmi.ssl.config.FactoryConfigTestCase$SerializableServerSocketFactory#-[jboss:type=serversocketfactory2]", "registerMBean";
+    permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#Configuration[jboss.remoting:service=invoker,*]", "getAttribute";
+    
+    // This is technically the JNP server, but it seems intentional - note that this might mask other problems though
+    permission java.net.SocketPermission "*:*", "accept, connect, resolve";
+
+    // TODO - this stuff ought to be in privileged blocks within the Ant JUnit task
+    permission java.util.PropertyPermission "*", "read, write"; // ugh
+    
+    // Used by org.jboss.test.remoting.marshall.dynamic.remote.http.HTTPMarshallerLoadingTestCase.getExtendedServerClasspath(), 
+    //         org.jboss.test.remoting.marshall.dynamic.remote.socket.SocketMarshallerLoadingTestCase.getExtendedServerClasspath().
+    permission java.util.PropertyPermission "loader.path", "read";
+
+    // TESTING ONLY - Use with the LoggingSecurityManager to locate needed permissions for the above block
+//    permission java.security.AllPermission;
+
+/////////////////////////////////////////////////////////////////////////////////////////////
+// TODO - We should use a version of JBoss logging + log4j that does this stuff in privileged blocks
+
+      permission java.io.FilePermission "${build.home}${/}src${/}etc${/}log4j.properties", "read";
+      permission java.io.FilePermission "${build.home}${/}src${/}etc${/}log4j.xml", "read";
+      permission java.io.FilePermission "${build.home}${/}lib${/}apache-log4j${/}lib${/}log4j.jar", "read";
+      permission java.io.FilePermission "${build.home}${/}output${/}classes${/}-", "read";
+      permission java.lang.RuntimePermission "accessClassInPackage.*";
+      permission java.util.PropertyPermission "org.jboss.logging.Logger.pluginClass", "read";
+      permission java.util.PropertyPermission "log4j.defaultInitOverride", "read";
+      permission java.util.PropertyPermission "elementAttributeLimit", "read";
+      permission java.util.PropertyPermission "maxOccurLimit", "read";
+      permission java.util.PropertyPermission "entityExpansionLimit", "read";
+      permission java.util.PropertyPermission "javax.xml.parsers.DocumentBuilderFactory", "read";
+      permission java.util.PropertyPermission "log4j.ignoreTCL", "read";
+      permission java.util.PropertyPermission "log4j.configuratorClass", "read";
+      permission java.util.PropertyPermission "log4j.configDebug", "read";
+      permission java.util.PropertyPermission "log4j.debug", "read";
+      permission java.util.PropertyPermission "log4j.configuration", "read";
+      permission java.util.PropertyPermission "org.apache.commons.logging.LogFactory", "read";
+      permission java.util.PropertyPermission "org.apache.commons.logging.Log", "read";
+};
+
+//****************************************************************************************************************************************************************
+//****************************************************************************************************************************************************************
+//******************************************************************
+//****           Permissions for third party libraries          ****
+//******************************************************************
+//******************************************************************
+
+grant codeBase "file:/${build.home}/lib/-"
+{
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:/${ant.library.dir}/-"
+{
+    permission java.security.AllPermission;
+};

More information about the jboss-remoting-commits mailing list