[jboss-remoting-commits] JBoss Remoting SVN: r3784 - remoting2/branches/2.x.

jboss-remoting-commits at lists.jboss.org jboss-remoting-commits at lists.jboss.org
Wed Mar 26 04:42:04 EDT 2008 

Author: ron.sigal at jboss.com
Date: 2008-03-26 04:42:04 -0400 (Wed, 26 Mar 2008)
New Revision: 3784

Modified:
   remoting2/branches/2.x/test.policy
Log:
JBREM-920: Added some permissions, generalized others.

Modified: remoting2/branches/2.x/test.policy
===================================================================
--- remoting2/branches/2.x/test.policy	2008-03-26 08:24:42 UTC (rev 3783)
+++ remoting2/branches/2.x/test.policy	2008-03-26 08:42:04 UTC (rev 3784)
@@ -17,14 +17,15 @@
     permission javax.management.MBeanTrustPermission "register";
     permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#MBeanServerId[JMImplementation:type=MBeanServerDelegate]", "getAttribute";
     permission javax.management.MBeanPermission "-#-[-]", "queryMBeans";
-    permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:transport=socket,type=Connector]", "queryMBeans, isInstanceOf";
-    permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:transport=sslsocket,type=Connector]", "queryMBeans, isInstanceOf";
+    permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:type=Connector,*]", "queryMBeans, isInstanceOf";
+    permission javax.management.MBeanPermission "org.jboss.remoting.ServerInvoker#-[jboss.remoting:service=invoker,*]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf";
     permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "queryMBeans, isInstanceOf, getAttribute";
     permission javax.management.MBeanPermission "org.jboss.remoting.detection.multicast.MulticastDetector#-[remoting:type=JNDIDetector]", "queryMBeans, isInstanceOf";
     permission javax.management.MBeanPermission "org.jboss.remoting.detection.multicast.MulticastDetector#-[remoting:type=MulticastDetector]", "queryMBeans, isInstanceOf, unregisterMBean";
     permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]", "queryMBeans, isInstanceOf";
     permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#Servers[remoting:type=NetworkRegistry]", "getAttribute";
-
+    permission javax.management.MBeanPermission "-#ServerDataDir[jboss.system:type=ServerConfig]", "getAttribute";
+    
     // TODO: Figure out why these aren't covered by the AllPermission entries below
     permission javax.management.MBeanPermission "org.jboss.test.remoting.detection.metadata.MetadataTestCase$TestNetworkRegistry#-[remoting:type=NetworkRegistry]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf";
 
@@ -50,7 +51,15 @@
     permission java.util.PropertyPermission "http.basic.username", "read";
     permission java.util.PropertyPermission "http.basic.password", "read";
     permission java.util.PropertyPermission "org.jboss.remoting.defaultSocketFactory", "read";
-
+    permission java.util.PropertyPermission "jboss.server.data.dir", "read";
+    permission java.util.PropertyPermission "file.separator", "read";
+    permission java.util.PropertyPermission "jboss.remoting.compression.debug", "read";   
+    permission java.util.PropertyPermission "jboss.remoting.compression.min", "read";   
+    permission java.util.PropertyPermission "remoting.stream.transport", "read";   
+    permission java.util.PropertyPermission "remoting.stream.host", "read";   
+    permission java.util.PropertyPermission "remoting.stream.port", "read"; 
+    permission java.util.PropertyPermission "org.jboss.security.ignoreHttpsHost" , "read";   
+    
     // Tomcat native - TODO - this should be in a privileged block in jbossnative
     permission java.lang.RuntimePermission "loadLibrary.tcnative-1";
     permission java.lang.RuntimePermission "loadLibrary.libtcnative-1";
@@ -60,6 +69,9 @@
     permission java.io.FilePermission "${build.home}/output/tests/classes/-", "read";
     permission java.io.FilePermission "${build.home}", "read";
     permission java.io.FilePermission "${build.home}/jboss.identity", "read";
+    
+    // Permission for org.jboss.remoting.ident.Identity to create "jboss.identity" file.  Could be extended.
+    permission java.io.FilePermission "${build.home}", "write";
 
     // Used by org.jboss.util.propertyeditor.PropertyEditors.mapJavaBeanProperties(), though still a Remoting permission I think
     permission java.lang.RuntimePermission "accessClassInPackage.sun.beans.editors";
@@ -109,11 +121,7 @@
     permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
     permission javax.management.MBeanServerPermission "createMBeanServer, findMBeanServer";
     permission javax.management.MBeanTrustPermission "register";
-    permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#-[jboss.remoting:host=127.0.0.1,*,service=invoker,transport=socket]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf";
-    permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#-[jboss.remoting:host=localhost,*,service=invoker,transport=socket]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf";
-    permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#-[jboss.remoting:host=\"[::1]\",*,service=invoker,transport=socket]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf";
-    permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#-[jboss.remoting:host=\"[::ffff:127.0.0.1]\",*,service=invoker,transport=socket]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf";
-    permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#-[jboss.remoting:host=\"[::]\",*,service=invoker,transport=socket]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf";
+    permission javax.management.MBeanPermission "org.jboss.remoting.ServerInvoker#-[jboss.remoting:service=invoker,*]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf";
     permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:*,transport=socket,type=Connector]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf";
     permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:transport=socket,type=Connector]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf";
     permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[test:type=connector]", "registerMBean";

More information about the jboss-remoting-commits mailing list