[jboss-remoting-commits] JBoss Remoting SVN: r4084 - remoting2/branches/2.x.
jboss-remoting-commits at lists.jboss.org
jboss-remoting-commits at lists.jboss.org
Sat Apr 26 16:25:49 EDT 2008
Author: ron.sigal at jboss.com
Date: 2008-04-26 16:25:49 -0400 (Sat, 26 Apr 2008)
New Revision: 4084
Removed:
remoting2/branches/2.x/test.policy
Log:
JBREM-920, JBREM-934: Deleted unused security policy files.
Deleted: remoting2/branches/2.x/test.policy
===================================================================
--- remoting2/branches/2.x/test.policy 2008-04-26 20:21:20 UTC (rev 4083)
+++ remoting2/branches/2.x/test.policy 2008-04-26 20:25:49 UTC (rev 4084)
@@ -1,265 +0,0 @@
-//****************************************************************************************************************************************************************
-//****************************************************************************************************************************************************************
-//***************************************************
-//**** Permissions to run Remoting itself ****
-//***************************************************
-//***************************************************
-grant codeBase "file:${build.home}/output/classes/-"
-{
-/////////////////////////////////////////////////////////////////////////////////////////////
-// Used by remote class loading system
-
- permission java.lang.RuntimePermission "createClassLoader";
- permission java.lang.RuntimePermission "getClassLoader";
-
-/////////////////////////////////////////////////////////////////////////////////////////////
-// Used by:
-// org.jboss.remoting.security.SSLSOcketBuilder
-// org.jboss.remoting.transport.coyote.CoyoteInvoker
-// org.jboss.remoting.transport.http.HTTPClientInvoker
-// org.jboss.remoting.transport.servlet.web.ServerInvokerServlet
-// org.jboss.remoting.transporter.TransporterHandler
-// org.jboss.remoting.InvokerRegistry
-
- permission java.lang.RuntimePermission "accessClassInPackage.*";
-
-/////////////////////////////////////////////////////////////////////////////////////////////
-// Can't create sockets without it
-
- permission java.net.SocketPermission "*:*", "accept,connect,listen,resolve";
-
-/////////////////////////////////////////////////////////////////////////////////////////////
-// MBean permissions
-
- permission javax.management.MBeanServerPermission "createMBeanServer, releaseMBeanServer";
- permission javax.management.MBeanTrustPermission "register";
-
- // org.jboss.remoting.callback.ServerInvokerCallbackHandler
- permission javax.management.MBeanPermission "*#SSLSocketBuilder[*:*]", "getAttribute";
- permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryServiceMBean#-[*:*]", "isInstanceOf";
- permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#-[*:*]", "getClassLoaderFor, isInstanceOf";
-
- // org.jboss.remoting.detection.AbstractDetector
- permission javax.management.MBeanPermission "*#addServer[remoting:type=NetworkRegistry]", "invoke";
- permission javax.management.MBeanPermission "*#updateServer[remoting:type=NetworkRegistry]", "invoke";
- permission javax.management.MBeanPermission "*#removeServer[remoting:type=NetworkRegistry]", "invoke";
- permission javax.management.MBeanPermission "*#Servers[*:*]", "getAttribute";
-
- // org.jboss.remoting.detection.util.DetectorUtil
- permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]", "registerMBean";
- permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:type=Connector,*]", "registerMBean, queryMBeans, isInstanceOf";
-
- // org.jboss.remoting.ident.Identity
- permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "queryMBeans, isInstanceOf";
- permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#MBeanServerId[JMImplementation:type=MBeanServerDelegate]", "getAttribute";
- permission javax.management.MBeanPermission "-#ServerDataDir[jboss.system:type=ServerConfig]", "getAttribute";
-
- // org.jboss.remoting.network.NetworkRegistryFinder
- permission javax.management.MBeanPermission "*#-[*:*]", "queryMBeans";
-
- // org.jboss.remoting.network.NetworkRegistryQuery
- permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#-[*:*]", "isInstanceOf";
-
- // org.jboss.remoting.security.CustomSSLServerSocketFactory
- permission javax.management.MBeanPermission "org.jboss.remoting.security.CustomSSLServerSocketFactory#*[*:*]", "invoke";
-
- // org.jboss.remoting.security.ServerSocketFactoryWrapper
- permission javax.management.MBeanPermission "*#createServerSocket[*:*]", "invoke";
-
- // org.jboss.remoting.transport.Connector
- permission javax.management.MBeanPermission "org.jboss.remoting.transport.*#-[jboss.remoting:service=invoker,*]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf";
-
- // org.jboss.remoting.transporter.InternalTransporterServices
- permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]", "registerMBean";
-
-// permission javax.management.MBeanPermission "*#-[*:*]", "isInstanceOf, registerMBean";
-
-
-/////////////////////////////////////////////////////////////////////////////////////////////
-// System properties accessed by Remoting
-
- permission java.util.PropertyPermission "SERIALIZATION", "read";
- permission java.util.PropertyPermission "file.separator", "read";
- permission java.util.PropertyPermission "http.basic.password", "read";
- permission java.util.PropertyPermission "http.basic.username", "read";
- permission java.util.PropertyPermission "javax.net.ssl.keyStore", "read";
- permission java.util.PropertyPermission "javax.net.ssl.keyStorePassword", "read";
- permission java.util.PropertyPermission "javax.net.ssl.keyStoreType", "read";
- permission java.util.PropertyPermission "javax.net.ssl.trustStore", "read";
- permission java.util.PropertyPermission "javax.net.ssl.trustStorePassword", "read";
- permission java.util.PropertyPermission "javax.net.ssl.trustStoreType", "read";
- permission java.util.PropertyPermission "jboss.bind.address", "read";
- permission java.util.PropertyPermission "jboss.identity", "read, write";
- permission java.util.PropertyPermission "jboss.identity.dir", "read";
- permission java.util.PropertyPermission "jboss.identity.domain", "read";
- permission java.util.PropertyPermission "jboss.remoting.compression.debug", "read";
- permission java.util.PropertyPermission "jboss.remoting.compression.min", "read";
- permission java.util.PropertyPermission "jboss.remoting.domain", "write";
- permission java.util.PropertyPermission "jboss.remoting.instanceid", "write";
- permission java.util.PropertyPermission "jboss.remoting.jmxid", "write";
- permission java.util.PropertyPermission "jboss.remoting.pre_2_0_compatible", "read";
- permission java.util.PropertyPermission "jboss.remoting.version", "read, write";
- permission java.util.PropertyPermission "jboss.server.data.dir", "read";
- permission java.util.PropertyPermission "legacyParsing", "read";
- permission java.util.PropertyPermission "org.apache.tomcat.util.*", "read";
- permission java.util.PropertyPermission "org.jboss.remoting.defaultSocketFactory", "read";
- permission java.util.PropertyPermission "org.jboss.security.ignoreHttpsHost" , "read";
- permission java.util.PropertyPermission "remoting.bind_by_host", "read";
- permission java.util.PropertyPermission "remoting.stream.host", "read";
- permission java.util.PropertyPermission "remoting.stream.port", "read";
- permission java.util.PropertyPermission "remoting.stream.transport", "read";
- permission java.util.PropertyPermission "tomcat.util.buf.StringCache.*", "read";
-
-/////////////////////////////////////////////////////////////////////////////////////////////
-// File permissions
-
- permission java.io.FilePermission "${build.home}", "read";
- permission java.io.FilePermission "${build.home}/jboss.identity", "read";
- permission java.io.FilePermission "${build.home}", "read";
- permission java.io.FilePermission "-", "read";
- permission java.io.FilePermission "-", "delete"; // Used by org.jboss.remotinng.callback.CallbackStore: configurable.
-
- // Permission for org.jboss.remoting.ident.Identity to create and read "jboss.identity" file. Could be extended.
- permission java.io.FilePermission "-", "read, write";
-
-/////////////////////////////////////////////////////////////////////////////////////////////
-// Tomcat native - TODO - this should be in a privileged block in jbossnative
-
- permission java.lang.RuntimePermission "loadLibrary.tcnative-1";
- permission java.lang.RuntimePermission "loadLibrary.libtcnative-1";
- permission java.util.PropertyPermission "java.library.path", "read";
-
-/////////////////////////////////////////////////////////////////////////////////////////////
-// TODO - JBoss Serialization SHOULD be doing these operations in a privileged block - JBSER-105
-
- permission java.lang.RuntimePermission "accessDeclaredMembers";
- permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
- permission java.lang.RuntimePermission "reflectionFactoryAccess";
- permission java.io.SerializablePermission "enableSubclassImplementation";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
- permission java.io.SerializablePermission "enableSubstitution"; // <- this one is a "maybe" :-)
-
-/////////////////////////////////////////////////////////////////////////////////////////////
-// TODO - We should use a version of JBoss logging + log4j that does this stuff in privileged blocks
-
- permission java.util.PropertyPermission "org.jboss.logging.Logger.pluginClass", "read";
- permission java.io.FilePermission "${build.home}/src/etc/log4j.properties", "read";
- permission java.util.PropertyPermission "log4j.defaultInitOverride", "read";
- permission java.io.FilePermission "${build.home}/src/etc/log4j.xml", "read";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.protocol.dummy";
- permission java.io.FilePermission "${build.home}/lib/apache-log4j/lib/log4j.jar", "read";
- permission java.util.PropertyPermission "elementAttributeLimit", "read";
- permission java.util.PropertyPermission "maxOccurLimit", "read";
- permission java.util.PropertyPermission "entityExpansionLimit", "read";
- permission java.util.PropertyPermission "javax.xml.parsers.DocumentBuilderFactory", "read";
- permission java.util.PropertyPermission "log4j.ignoreTCL", "read";
- permission java.util.PropertyPermission "log4j.configuratorClass", "read";
- permission java.util.PropertyPermission "log4j.configDebug", "read";
- permission java.util.PropertyPermission "log4j.debug", "read";
- permission java.util.PropertyPermission "log4j.configuration", "read";
- permission java.util.PropertyPermission "org.apache.commons.logging.LogFactory", "read";
- permission java.util.PropertyPermission "org.apache.commons.logging.Log", "read";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources";
- permission java.io.FilePermission "${build.home}/output/classes/-", "read";
-};
-
-
-//****************************************************************************************************************************************************************
-//****************************************************************************************************************************************************************
-//******************************************************************
-//**** Permissions for third party libraries ****
-//******************************************************************
-//******************************************************************
-grant codeBase "file:${build.home}/lib/-"
-{
- permission java.security.AllPermission;
-};
-
-grant codeBase "file:${ant.library.dir}/-" {
- permission java.security.AllPermission;
-};
-
-//grant codeBase "file:${build.home}/src/etc/-" {
-// permission java.security.AllPermission;
-//};
-
-
-//****************************************************************************************************************************************************************
-//****************************************************************************************************************************************************************
-//******************************************************************
-//**** Permissions needed by Remoting to run the test suite ****
-//******************************************************************
-//******************************************************************
-grant codeBase "file:${build.home}/output/classes/-"
-{
- // Permission to read the test keystore
- permission java.io.FilePermission "${build.home}/output/tests/classes/-", "read";
-
- // org.jboss.test.remoting.detection.metadata.MetadataTestCase
- permission javax.management.MBeanPermission "org.jboss.test.remoting.detection.metadata.MetadataTestCase$TestNetworkRegistry#-[remoting:type=NetworkRegistry]", "isInstanceOf";
-};
-
-
-//****************************************************************************************************************************************************************
-//****************************************************************************************************************************************************************
-//***************************************************
-//**** Permissions used by the test suite ****
-//***************************************************
-//***************************************************
-grant codeBase "file:${build.home}/output/tests/classes/-"
-{
- // Used by the test suite itself
- permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
- permission javax.management.MBeanServerPermission "createMBeanServer, findMBeanServer";
- permission javax.management.MBeanServerPermission "*";
- permission javax.management.MBeanTrustPermission "register";
- permission javax.management.MBeanPermission "org.jboss.remoting.transport.*#-[jboss.remoting:service=invoker,*]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf";
- permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:type=Connector,*]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf";
- permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[test:type=connector]", "registerMBean";
- permission javax.management.MBeanPermission "org.jboss.test.remoting.detection.metadata.MetadataTestCase$TestNetworkRegistry#-[remoting:type=NetworkRegistry]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf, addNotificationListener";
- permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf, addNotificationListener";
- permission javax.management.MBeanPermission "org.jboss.remoting.detection.multicast.MulticastDetector#-[remoting:*]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf";
- permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#-[jboss:type=serversocketfactory]", "registerMBean, queryMBeans, isInstanceOf";
- permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.config.FactoryConfigTestCaseParent$SelfIdentifyingServerSocketFactory#-[jboss:type=serversocketfactory]", "registerMBean, queryMBeans, isInstanceOf";
- permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#-[jboss:type=serversocketfactory2]", "registerMBean";
- permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#createServerSocket[jboss:*]", "invoke";
- permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.rmi.ssl.config.FactoryConfigTestCase$SerializableServerSocketFactory#-[jboss:type=serversocketfactory]", "registerMBean";
- permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.rmi.ssl.config.FactoryConfigTestCase$SerializableServerSocketFactory#-[jboss:type=serversocketfactory2]", "registerMBean";
- permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#Configuration[jboss.remoting:service=invoker,*]", "getAttribute";
-
- permission java.lang.RuntimePermission "enableContextClassLoaderOverride";
- permission java.lang.RuntimePermission "createClassLoader";
- permission java.lang.RuntimePermission "getClassLoader";
- permission java.lang.RuntimePermission "setContextClassLoader";
- permission java.io.FilePermission "${build.home}/output/tests/classes/org/jboss/test/remoting/classloader/race/test.jar", "read";
-
- // Used by the descendents of org.jboss.test.remoting.shutdown.ShutdownTestParent.
- permission java.io.FilePermission "<<ALL FILES>>", "execute";
-
- // This is technically the JNP server, but it seems intentional - note that this might mask other problems though
- permission java.net.SocketPermission "*:*", "accept, connect, resolve";
-
- // TODO - this stuff ought to be in privileged blocks within the Ant JUnit task
- permission java.util.PropertyPermission "*", "read, write"; // ugh
-
- // TODO - JBoss Serialization SHOULD be doing these operations in a privileged block - JBSER-105
- permission java.lang.RuntimePermission "accessDeclaredMembers";
- permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
- permission java.lang.RuntimePermission "reflectionFactoryAccess";
- permission java.io.SerializablePermission "enableSubclassImplementation";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
- permission java.io.SerializablePermission "enableSubstitution"; // <- this one is a "maybe" :-)
-
- permission java.util.PropertyPermission "loader.path", "read";
-
- // TESTING ONLY - Use with the LoggingSecurityManager to locate needed permissions for the above block
-// permission java.security.AllPermission;
-};
-
-
-grant
-{
-// permission java.security.SecurityPermission "getProperty.*";
-};
\ No newline at end of file
More information about the jboss-remoting-commits
mailing list