[jboss-user] [Security & JAAS/JBoss] - Re: java.policy : crash after some hours

jogregoire do-not-reply at jboss.com
Thu Oct 11 10:50:38 EDT 2007


I think I've solved the problem. I added the following lines at the end of the file:
   // NOTE(review): in the full file below these five lines sit in the final "grant { }"
   // entry, which has no codeBase, so they are granted to all code and not only to
   // JBoss's own classes. The SecurityAssociation set* targets change the security
   // context (principal, run-as role) associated with a call; if only one deployment
   // needs them, a grant scoped to that codeBase is the tighter choice.
   permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.setPrincipalInfo";
   permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.getPrincipalInfo";
   permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.setRunAsRole";
   permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.setServer";
   // The ".*" suffix allows creating a LoginContext for any configured login module name.
   permission javax.security.auth.AuthPermission "createLoginContext.*";

I'll post a follow-up mail if the web app doesn't crash during the next few days.




I am also posting the Debian version of the script. I have one problem with this script: I must give read rights on the "/" directory (the Hibernate cache system has to do Tmp.list()). If somebody knows how to solve this security problem ...


// Trusted core Java code
// A codeBase ending in "/-" matches everything below the directory recursively, while
// one ending in "/*" matches only the JAR and class files directly inside it.
// Both entries grant AllPermission, i.e. the security manager places no restriction on
// code loaded from these locations. Anything that can write into these directories is
// therefore fully trusted too, so they should not be writable by the account that runs
// the server.
grant codeBase "file:/home/logiciel/java/sources/jre1.5.0_12/lib/ext/-" {
   permission java.security.AllPermission;
};
grant codeBase "file:/home/logiciel/java/sources/jre1.5.0_12/lib/*" {
   permission java.security.AllPermission;
};
// Trusted core Jboss code
// Every entry in this group grants AllPermission to one JBoss directory tree ("/-" is
// recursive): the launcher in bin, the shared and per-configuration lib directories,
// and a list of services under server/default/deploy. Code in these locations runs
// unrestricted, so the policy file offers no containment for it.
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/bin/-" {
   permission java.security.AllPermission;
};

grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/lib/-" {
   permission java.security.AllPermission;
};
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/lib/-" {
   permission java.security.AllPermission;
};
// NOTE(review): jmx-console.war is a web-facing management application and it runs
// fully trusted here. The policy cannot limit what it does, so access to it has to be
// controlled by authentication in its own deployment descriptors, or the application
// should be undeployed if it is not used - confirm which applies on this server.
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/deploy/jmx-console.war/-"{
   permission java.security.AllPermission;
};
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/deploy/jbossws14.sar/-"{
   permission java.security.AllPermission;
};
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/deploy/jbossweb-tomcat55.sar/-"{
   permission java.security.AllPermission;
};
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/deploy/jboss-aop.deployer/-"{
   permission java.security.AllPermission;
};
// NOTE(review): http-invoker.sar exposes invocation over HTTP and is also fully trusted;
// the same consideration as for jmx-console.war applies (secure it or undeploy it).
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/deploy/http-invoker.sar/-"{
   permission java.security.AllPermission;
};
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/deploy/jboss-bean.deployer/-"{
   permission java.security.AllPermission;
};
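// JBoss JMS services, fully trusted like the other core deployments.
// The closing "};" was missing from this entry as posted. Without it the next "grant"
// keyword appears inside this entry's braces, which is not valid policy syntax; a
// policy file that fails to parse is typically not applied at all.
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/deploy/jms/-"{
   permission java.security.AllPermission;
};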
// UUID key generator service archive: fully trusted (AllPermission), recursive match.
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/deploy/uuid-key-generator.sar/-"{
   permission java.security.AllPermission;
};
// Restricted entry for code loaded from server/default/tmp. Presumably this is where
// JBoss unpacks deployed applications, which would make this the effective sandbox for
// the web application itself - confirm against the deployment layout.
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-" {
   // Read/write/delete inside the server's own tmp tree and the bin/autorized directory.
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "read";
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "write";
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "delete";
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "read";
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "write";
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "delete";
   // NOTE(review): "/-" with "read" lets this code read every file on the machine that
   // the server's OS account can read (configuration, credentials, key material).
   // The stated reason is a directory listing by the Hibernate cache. A FilePermission
   // path ending in "/-" covers the contents of a directory but not the directory
   // itself, so listing /tmp needs read on "/tmp" in addition to "/tmp/-". If the
   // listed directory is the temp directory, a narrower replacement would be
   //    permission java.io.FilePermission "/tmp", "read";
   //    permission java.io.FilePermission "/tmp/-", "read";
   // Running once with -Djava.security.debug=access,failure shows the exact path that
   // is denied - confirm it before narrowing.
   permission java.io.FilePermission "/-", "read";
   permission java.io.FilePermission "/tmp/-", "write";
   permission java.io.FilePermission "/tmp/-", "delete";
   permission java.lang.RuntimePermission "accessDeclaredMembers";
   permission java.lang.RuntimePermission "shutdownHooks";
   permission java.lang.RuntimePermission "getProtectionDomain";
   // NOTE(review): suppressAccessChecks (reflection ignores private/protected) and
   // createClassLoader are documented by the JDK as dangerous to grant; code holding
   // both is difficult to contain with the remaining restrictions. Frameworks such as
   // Hibernate commonly need them, so treat this codeBase as close to fully trusted
   // rather than as a strong sandbox.
   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
   permission java.lang.RuntimePermission "createClassLoader";
   permission java.lang.RuntimePermission "getClassLoader";
   permission java.security.SecurityPermission "getPolicy";
};
// NOTE(review): this entry repeats, line for line, the preceding grant for the same
// server/default/tmp codeBase. Grants are additive, so the repetition adds no
// permission; it only means any future tightening must be made in every copy.
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-" {
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "read";
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "write";
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "delete";
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "read";
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "write";
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "delete";
   // Read access to the whole filesystem; see the author's question about "/" above.
   permission java.io.FilePermission "/-", "read";
   permission java.io.FilePermission "/tmp/-", "write";
   permission java.io.FilePermission "/tmp/-", "delete";
   permission java.lang.RuntimePermission "accessDeclaredMembers";
   permission java.lang.RuntimePermission "shutdownHooks";
   permission java.lang.RuntimePermission "getProtectionDomain";
   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
   permission java.lang.RuntimePermission "createClassLoader";
   permission java.lang.RuntimePermission "getClassLoader";
   permission java.security.SecurityPermission "getPolicy";
};
// NOTE(review): third identical copy of the grant for the server/default/tmp codeBase.
// It grants nothing beyond the first copy and can be dropped once the set of
// permissions has been reviewed.
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-" {
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "read";
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "write";
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "delete";
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "read";
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "write";
   permission java.io.FilePermission "/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "delete";
   // Read access to the whole filesystem; see the author's question about "/" above.
   permission java.io.FilePermission "/-", "read";
   permission java.io.FilePermission "/tmp/-", "write";
   permission java.io.FilePermission "/tmp/-", "delete";
   permission java.lang.RuntimePermission "accessDeclaredMembers";
   permission java.lang.RuntimePermission "shutdownHooks";
   permission java.lang.RuntimePermission "getProtectionDomain";
   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
   permission java.lang.RuntimePermission "createClassLoader";
   permission java.lang.RuntimePermission "getClassLoader";
   permission java.security.SecurityPermission "getPolicy";
};

// Default entry: a grant without codeBase applies to all code, whatever its origin,
// in addition to any codeBase-specific entry that matches. Everything listed here is
// therefore the minimum privilege of every class loaded in the JVM.
grant {
   // Any code may read every system property.
   permission java.util.PropertyPermission "*", "read";
   permission java.lang.RuntimePermission "queuePrintJob";
   // Local ports 5432 and 8009 (presumably the database and the AJP connector - confirm).
   permission java.net.SocketPermission "localhost:5432", "accept, connect, listen";
   permission java.net.SocketPermission "localhost:8009", "accept, connect, listen";
   // NOTE(review): "*" as host allows these ports on any remote machine, and the action
   // list includes accept/listen as well as connect. If the application only makes
   // outbound requests (ports 80, 110 and 25 suggest HTTP, POP3 and SMTP - confirm),
   // "connect" alone, limited to the known hosts, would be sufficient.
   permission java.net.SocketPermission "*:80", "accept, connect, listen";
   permission java.net.SocketPermission "*:110", "accept, connect, listen";
   permission java.net.SocketPermission "*:25", "accept, connect, listen";
   // NOTE(review): the wildcard covers every package, including those the JDK restricts
   // through the package.access security property; list the needed packages instead
   // if they are known.
   permission java.lang.RuntimePermission "accessClassInPackage.*";
   permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.getSubject";
   permission javax.management.MBeanServerPermission "findMBeanServer";
   permission javax.management.MBeanPermission "org.jboss.mx.modelmbean.XMBean#*[JMImplementation:type=MBeanRegistry]", "*";
   // The five lines the author added to stop the crash. NOTE(review): placed here they
   // let any code set the principal, run-as role and server flag held by
   // SecurityAssociation; a grant scoped to the codeBase that needs them would be tighter.
   permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.setPrincipalInfo";
   permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.getPrincipalInfo";
   permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.setRunAsRole";
   permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.setServer";
   permission javax.security.auth.AuthPermission "createLoginContext.*";


}
;





View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4094136#4094136
