[jboss-remoting-commits] JBoss Remoting SVN: r4140 - remoting2/branches/2.x/src/etc.

jboss-remoting-commits at lists.jboss.org jboss-remoting-commits at lists.jboss.org
Wed May 7 19:52:09 EDT 2008 

Author: ron.sigal at jboss.com
Date: 2008-05-07 19:52:09 -0400 (Wed, 07 May 2008)
New Revision: 4140

Modified:
   remoting2/branches/2.x/src/etc/remoting.security.policy.tests.minimal
Log:
JBREM-920, JBREM-977: Added permissions (1) to read keystores and (2) read some system properties.

Modified: remoting2/branches/2.x/src/etc/remoting.security.policy.tests.minimal
===================================================================
--- remoting2/branches/2.x/src/etc/remoting.security.policy.tests.minimal	2008-05-07 23:50:33 UTC (rev 4139)
+++ remoting2/branches/2.x/src/etc/remoting.security.policy.tests.minimal	2008-05-07 23:52:09 UTC (rev 4140)
@@ -22,12 +22,43 @@
 //****************************************************************************************************************************************************************
 //****************************************************************************************************************************************************************
 //******************************************************************
+//****    Minimal set of permissions for Remoting classes       ****
+//******************************************************************
+//******************************************************************
+
+grant codeBase "file:${remoting.jar.dir}/jboss-remoting.jar"
+{
+    // Permissions to read test keystores and truststores
+    permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}bisocket${/}ssl${/}.keystore", "read";
+    permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}bisocket${/}ssl${/}.truststore", "read";
+    permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}rmi${/}ssl${/}.keystore", "read";
+    permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}rmi${/}ssl${/}.truststore", "read";
+    permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}socket${/}ssl${/}.keystore", "read";
+    permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}socket${/}ssl${/}.truststore", "read";
+
+ };   
+    
+//****************************************************************************************************************************************************************
+//****************************************************************************************************************************************************************
+//******************************************************************
 //****          Minimal set of permissions for tests            ****
 //******************************************************************
 //****************************************************************** 
 
 grant codeBase "file:${build.home}/output/tests/classes/-"
-{
+{
+    // Permissions to read test keystores and truststores
+    permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}bisocket${/}ssl${/}.keystore", "read";
+    permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}bisocket${/}ssl${/}.truststore", "read";
+    permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}rmi${/}ssl${/}.keystore", "read";
+    permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}rmi${/}ssl${/}.truststore", "read";
+    permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}socket${/}ssl${/}.keystore", "read";
+    permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}socket${/}ssl${/}.truststore", "read";
+
+    permission javax.management.MBeanServerPermission "createMBeanServer";
+    permission java.util.PropertyPermission "jrunit.bind_addr", "read";
+    permission java.net.SocketPermission "*:*", "accept,resolve";
+
     // org.jboss.test.remoting.transport.InvokerTestDriver
     permission java.util.PropertyPermission "remoting.metadata", "read";
     permission java.util.PropertyPermission "jvm.mx", "read";
@@ -36,6 +67,12 @@
     permission java.net.SocketPermission "*:*", "connect";
     permission java.util.PropertyPermission "jboss-junit-configuration", "read";
     
+    // org.jboss.test.remoting.transport.InvokerClientTest
+    permission java.util.PropertyPermission "remoting.metadata.callback", "read";
+    
+    // org.jboss.test.remoting.transport.web.WebInvokerTestClient
+    permission java.util.PropertyPermission "check_content_type", "read";
+    
     /////////////////////////////////////////////////////////////////////////////////////////////
 // TODO - We should use a version of JBoss logging + log4j that does this stuff in privileged blocks

More information about the jboss-remoting-commits mailing list