[jboss-dev-forums] [Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149

Tuesday, 11 November 2008

Adrian,  we have an opportunity to use the jar url format to specify the permissions
instead of the vfs url format. I know this is not ideal but I have tested the following:

  | grant codeBase
"jar:file:${jboss.server.home.dir}/deploy/jms-ra.rar!/jms-ra.jar/-" {
  |    permission java.lang.RuntimePermission "setContextClassLoader";
  |    permission org.jboss.naming.JndiPermission "<<ALL
BINDINGS>>","lookup";
  |    permission java.io.FilePermission "${jboss.home.dir}/lib/jboss-aop.jar",
"read";
  |    permission javax.management.MBeanPermission "*",
"getAttribute,invoke,setAttribute";
  | };
  | 
  | grant codeBase
"jar:file:${jboss.server.home.dir}/deploy/jbossweb.sar!/jstl.jar/-" {
  |    permission java.security.AllPermission;
  | };
  | 
  | etc
  | 

http://anonsvn.jboss.org/repos/jbossas/trunk/testsuite/src/resources/secu...

Basically the VFSUtils.getRealURL(vfsURL) returns the jar url or file url depending on
whether the vfs protocol is "vfszip" or "vfsfile".

Please comment on this approach.

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4188357#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-dev-forums] [Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149