[jboss-remoting-commits] JBoss Remoting SVN: r4140 - remoting2/branches/2.x/src/etc.
jboss-remoting-commits at lists.jboss.org
jboss-remoting-commits at lists.jboss.org
Wed May 7 19:52:09 EDT 2008
Author: ron.sigal at jboss.com
Date: 2008-05-07 19:52:09 -0400 (Wed, 07 May 2008)
New Revision: 4140
Modified:
remoting2/branches/2.x/src/etc/remoting.security.policy.tests.minimal
Log:
JBREM-920, JBREM-977: Added permissions (1) to read keystores and (2) read some system properties.
Modified: remoting2/branches/2.x/src/etc/remoting.security.policy.tests.minimal
===================================================================
--- remoting2/branches/2.x/src/etc/remoting.security.policy.tests.minimal 2008-05-07 23:50:33 UTC (rev 4139)
+++ remoting2/branches/2.x/src/etc/remoting.security.policy.tests.minimal 2008-05-07 23:52:09 UTC (rev 4140)
@@ -22,12 +22,43 @@
//****************************************************************************************************************************************************************
//****************************************************************************************************************************************************************
//******************************************************************
+//**** Minimal set of permissions for Remoting classes ****
+//******************************************************************
+//******************************************************************
+
+grant codeBase "file:${remoting.jar.dir}/jboss-remoting.jar"
+{
+ // Permissions to read test keystores and truststores
+ permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}bisocket${/}ssl${/}.keystore", "read";
+ permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}bisocket${/}ssl${/}.truststore", "read";
+ permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}rmi${/}ssl${/}.keystore", "read";
+ permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}rmi${/}ssl${/}.truststore", "read";
+ permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}socket${/}ssl${/}.keystore", "read";
+ permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}socket${/}ssl${/}.truststore", "read";
+
+ };
+
+//****************************************************************************************************************************************************************
+//****************************************************************************************************************************************************************
+//******************************************************************
//**** Minimal set of permissions for tests ****
//******************************************************************
//******************************************************************
grant codeBase "file:${build.home}/output/tests/classes/-"
-{
+{
+ // Permissions to read test keystores and truststores
+ permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}bisocket${/}ssl${/}.keystore", "read";
+ permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}bisocket${/}ssl${/}.truststore", "read";
+ permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}rmi${/}ssl${/}.keystore", "read";
+ permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}rmi${/}ssl${/}.truststore", "read";
+ permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}socket${/}ssl${/}.keystore", "read";
+ permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}socket${/}ssl${/}.truststore", "read";
+
+ permission javax.management.MBeanServerPermission "createMBeanServer";
+ permission java.util.PropertyPermission "jrunit.bind_addr", "read";
+ permission java.net.SocketPermission "*:*", "accept,resolve";
+
// org.jboss.test.remoting.transport.InvokerTestDriver
permission java.util.PropertyPermission "remoting.metadata", "read";
permission java.util.PropertyPermission "jvm.mx", "read";
@@ -36,6 +67,12 @@
permission java.net.SocketPermission "*:*", "connect";
permission java.util.PropertyPermission "jboss-junit-configuration", "read";
+ // org.jboss.test.remoting.transport.InvokerClientTest
+ permission java.util.PropertyPermission "remoting.metadata.callback", "read";
+
+ // org.jboss.test.remoting.transport.web.WebInvokerTestClient
+ permission java.util.PropertyPermission "check_content_type", "read";
+
/////////////////////////////////////////////////////////////////////////////////////////////
// TODO - We should use a version of JBoss logging + log4j that does this stuff in privileged blocks
More information about the jboss-remoting-commits
mailing list