April 2008 - jboss-remoting-commits

JBoss Remoting SVN: r3917 - remoting2/branches/2.x/src/etc.

by jboss-remoting-commits＠lists.jboss.org

Author: ron.sigal(a)jboss.com Date: 2008-04-09 02:59:23 -0400 (Wed, 09 Apr 2008) New Revision: 3917 Added: remoting2/branches/2.x/src/etc/remoting.security.policy.tests.marshal Log: JBREM-920, JBREM-934: New policy file for remote classloading marshal tests. Added: remoting2/branches/2.x/src/etc/remoting.security.policy.tests.marshal =================================================================== --- remoting2/branches/2.x/src/etc/remoting.security.policy.tests.marshal (rev 0) +++ remoting2/branches/2.x/src/etc/remoting.security.policy.tests.marshal 2008-04-09 06:59:23 UTC (rev 3917) @@ -0,0 +1,136 @@ +// JBoss, Home of Professional Open Source +// Copyright 2005, JBoss Inc., and individual contributors as indicated +// by the @authors tag. See the copyright.txt in the distribution for a +// full listing of individual contributors. +// +// This is free software; you can redistribute it and/or modify it +// under the terms of the GNU Lesser General Public License as +// published by the Free Software Foundation; either version 2.1 of +// the License, or (at your option) any later version. +// +// This software is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this software; if not, write to the Free +// Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA +// 02110-1301 USA, or see the FSF site: http://www.fsf.org. +// + +//**************************************************************************************************************************************************************** +//**************************************************************************************************************************************************************** +//****************************************************************** +//**** Permissions needed by Remoting to run the test suite **** +//****************************************************************** +//****************************************************************** + +grant codeBase "file:${build.home}/output/lib/jboss-remoting.jar" +{ + // Permission to read test keystores + permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}-", "read"; + + // Permission for org.jboss.remoting.callback.CallbackStore + permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}-", "read, write, delete"; + + // org.jboss.test.remoting.detection.metadata.MetadataTestCase + permission javax.management.MBeanPermission "org.jboss.test.remoting.detection.metadata.MetadataTestCase$TestNetworkRegistry#-[remoting:type=NetworkRegistry]", "isInstanceOf"; + + // org.jboss.ant.taskdefs.XMLJUnitMultipleResultFormatter calls + // org.jboss.remoting.util.SystemUtility + permission java.util.PropertyPermission "jboss-junit-configuration", "read"; +}; + + +//**************************************************************************************************************************************************************** +//**************************************************************************************************************************************************************** +//**************************************************************************** +//**** Permissions used by the test suite **** +//**** (tests.marshall) **** +//**************************************************************************** +//**************************************************************************** + +grant codeBase "file:${build.home}/output/lib/jboss-remoting-tests.jar" +{ + permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}classloader${/}race${/}test.jar", "read"; + + // Used by the descendents of org.jboss.test.remoting.shutdown.ShutdownTestParent. + permission java.io.FilePermission "<<ALL FILES>>", "execute"; + + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; + + permission java.lang.RuntimePermission "enableContextClassLoaderOverride"; + permission java.lang.RuntimePermission "createClassLoader"; + permission java.lang.RuntimePermission "getClassLoader"; + permission java.lang.RuntimePermission "setContextClassLoader"; + + permission javax.management.MBeanTrustPermission "register"; + + permission javax.management.MBeanServerPermission "createMBeanServer, findMBeanServer"; + permission javax.management.MBeanPermission "org.jboss.remoting.transport.*#-[jboss.remoting:service=invoker,*]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf"; + permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:type=Connector,*]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf"; + permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[test:type=connector]", "registerMBean"; + permission javax.management.MBeanPermission "org.jboss.test.remoting.detection.metadata.MetadataTestCase$TestNetworkRegistry#-[remoting:type=NetworkRegistry]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf, addNotificationListener"; + permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf, addNotificationListener"; + permission javax.management.MBeanPermission "org.jboss.remoting.detection.multicast.MulticastDetector#-[remoting:*]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf"; + permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#-[jboss:type=serversocketfactory]", "registerMBean, queryMBeans, isInstanceOf"; + permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.config.FactoryConfigTestCaseParent$SelfIdentifyingServerSocketFactory#-[jboss:type=serversocketfactory]", "registerMBean, queryMBeans, isInstanceOf"; + permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#-[jboss:type=serversocketfactory2]", "registerMBean"; + permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#createServerSocket[jboss:*]", "invoke"; + permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.rmi.ssl.config.FactoryConfigTestCase$SerializableServerSocketFactory#-[jboss:type=serversocketfactory]", "registerMBean"; + permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.rmi.ssl.config.FactoryConfigTestCase$SerializableServerSocketFactory#-[jboss:type=serversocketfactory2]", "registerMBean"; + permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#Configuration[jboss.remoting:service=invoker,*]", "getAttribute"; + + // This is technically the JNP server, but it seems intentional - note that this might mask other problems though + permission java.net.SocketPermission "*:*", "accept, connect, resolve"; + + // TODO - this stuff ought to be in privileged blocks within the Ant JUnit task + permission java.util.PropertyPermission "*", "read, write"; // ugh + + // Used by org.jboss.test.remoting.marshall.dynamic.remote.http.HTTPMarshallerLoadingTestCase.getExtendedServerClasspath(), + // org.jboss.test.remoting.marshall.dynamic.remote.socket.SocketMarshallerLoadingTestCase.getExtendedServerClasspath(). + permission java.util.PropertyPermission "loader.path", "read"; + + // TESTING ONLY - Use with the LoggingSecurityManager to locate needed permissions for the above block +// permission java.security.AllPermission; + +///////////////////////////////////////////////////////////////////////////////////////////// +// TODO - We should use a version of JBoss logging + log4j that does this stuff in privileged blocks + + permission java.io.FilePermission "${build.home}${/}src${/}etc${/}log4j.properties", "read"; + permission java.io.FilePermission "${build.home}${/}src${/}etc${/}log4j.xml", "read"; + permission java.io.FilePermission "${build.home}${/}lib${/}apache-log4j${/}lib${/}log4j.jar", "read"; + permission java.io.FilePermission "${build.home}${/}output${/}classes${/}-", "read"; + permission java.lang.RuntimePermission "accessClassInPackage.*"; + permission java.util.PropertyPermission "org.jboss.logging.Logger.pluginClass", "read"; + permission java.util.PropertyPermission "log4j.defaultInitOverride", "read"; + permission java.util.PropertyPermission "elementAttributeLimit", "read"; + permission java.util.PropertyPermission "maxOccurLimit", "read"; + permission java.util.PropertyPermission "entityExpansionLimit", "read"; + permission java.util.PropertyPermission "javax.xml.parsers.DocumentBuilderFactory", "read"; + permission java.util.PropertyPermission "log4j.ignoreTCL", "read"; + permission java.util.PropertyPermission "log4j.configuratorClass", "read"; + permission java.util.PropertyPermission "log4j.configDebug", "read"; + permission java.util.PropertyPermission "log4j.debug", "read"; + permission java.util.PropertyPermission "log4j.configuration", "read"; + permission java.util.PropertyPermission "org.apache.commons.logging.LogFactory", "read"; + permission java.util.PropertyPermission "org.apache.commons.logging.Log", "read"; +}; + +//**************************************************************************************************************************************************************** +//**************************************************************************************************************************************************************** +//****************************************************************** +//**** Permissions for third party libraries **** +//****************************************************************** +//****************************************************************** + +grant codeBase "file:/${build.home}/lib/-" +{ + permission java.security.AllPermission; +}; + +grant codeBase "file:/${ant.library.dir}/-" +{ + permission java.security.AllPermission; +};

18 years

1
0
0 / 0

JBoss Remoting SVN: r3916 - remoting2/branches/2.x/src/etc.

by jboss-remoting-commits＠lists.jboss.org

Author: ron.sigal(a)jboss.com Date: 2008-04-09 02:58:47 -0400 (Wed, 09 Apr 2008) New Revision: 3916 Modified: remoting2/branches/2.x/src/etc/remoting.security.policy.tests.minimal Log: JBREM-920, JBREM-934: Changed to jboss-remoting.jar; other changes. Modified: remoting2/branches/2.x/src/etc/remoting.security.policy.tests.minimal =================================================================== --- remoting2/branches/2.x/src/etc/remoting.security.policy.tests.minimal 2008-04-09 06:57:26 UTC (rev 3915) +++ remoting2/branches/2.x/src/etc/remoting.security.policy.tests.minimal 2008-04-09 06:58:47 UTC (rev 3916) @@ -1,3 +1,24 @@ +// JBoss, Home of Professional Open Source +// Copyright 2005, JBoss Inc., and individual contributors as indicated +// by the @authors tag. See the copyright.txt in the distribution for a +// full listing of individual contributors. +// +// This is free software; you can redistribute it and/or modify it +// under the terms of the GNU Lesser General Public License as +// published by the Free Software Foundation; either version 2.1 of +// the License, or (at your option) any later version. +// +// This software is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this software; if not, write to the Free +// Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA +// 02110-1301 USA, or see the FSF site: http://www.fsf.org. +// + //**************************************************************************************************************************************************************** //**************************************************************************************************************************************************************** //****************************************************************** @@ -3,12 +24,7 @@ //**** Minimal set of permissions for tests **** //****************************************************************** -//****************************************************************** +//****************************************************************** -grant codeBase "file:${ant.library.dir}/-" -{ - permission java.security.AllPermission; -}; - -grant codeBase "file:${build.home}/output/classes/-" +grant codeBase "file:${build.home}/output/lib/jboss-remoting.jar" { // org.jboss.ant.taskdefs.XMLJUnitMultipleResultFormatter calls @@ -21,5 +37,44 @@ { // org.jboss.test.remoting.transport.InvokerTestDriver permission java.util.PropertyPermission "remoting.metadata", "read"; - permission java.util.PropertyPermission "jvm.mx", "read"; + permission java.util.PropertyPermission "jvm.mx", "read"; + + ///////////////////////////////////////////////////////////////////////////////////////////// +// TODO - We should use a version of JBoss logging + log4j that does this stuff in privileged blocks + + permission java.io.FilePermission "${build.home}${/}src${/}etc${/}log4j.properties", "read"; + permission java.io.FilePermission "${build.home}${/}src${/}etc${/}log4j.xml", "read"; + permission java.io.FilePermission "${build.home}${/}lib${/}apache-log4j${/}lib${/}log4j.jar", "read"; + permission java.io.FilePermission "${build.home}${/}output${/}classes${/}-", "read"; + permission java.lang.RuntimePermission "accessClassInPackage.*"; + permission java.util.PropertyPermission "org.jboss.logging.Logger.pluginClass", "read"; + permission java.util.PropertyPermission "log4j.defaultInitOverride", "read"; + permission java.util.PropertyPermission "elementAttributeLimit", "read"; + permission java.util.PropertyPermission "maxOccurLimit", "read"; + permission java.util.PropertyPermission "entityExpansionLimit", "read"; + permission java.util.PropertyPermission "javax.xml.parsers.DocumentBuilderFactory", "read"; + permission java.util.PropertyPermission "log4j.ignoreTCL", "read"; + permission java.util.PropertyPermission "log4j.configuratorClass", "read"; + permission java.util.PropertyPermission "log4j.configDebug", "read"; + permission java.util.PropertyPermission "log4j.debug", "read"; + permission java.util.PropertyPermission "log4j.configuration", "read"; + permission java.util.PropertyPermission "org.apache.commons.logging.LogFactory", "read"; + permission java.util.PropertyPermission "org.apache.commons.logging.Log", "read"; +}; + + +//**************************************************************************************************************************************************************** +//**************************************************************************************************************************************************************** +//****************************************************************** +//**** Permissions for third party libraries **** +//****************************************************************** +//****************************************************************** +grant codeBase "file:/${build.home}/lib/-" +{ + permission java.security.AllPermission; +}; + +grant codeBase "file:/${ant.library.dir}/-" +{ + permission java.security.AllPermission; }; \ No newline at end of file

18 years

1
0
0 / 0

JBoss Remoting SVN: r3915 - remoting2/branches/2.x/src/etc.

by jboss-remoting-commits＠lists.jboss.org

Author: ron.sigal(a)jboss.com Date: 2008-04-09 02:57:26 -0400 (Wed, 09 Apr 2008) New Revision: 3915 Modified: remoting2/branches/2.x/src/etc/remoting.security.policy.tests Log: JBREM-920, JBREM-934: Mostly cosmetic changes. Modified: remoting2/branches/2.x/src/etc/remoting.security.policy.tests =================================================================== --- remoting2/branches/2.x/src/etc/remoting.security.policy.tests 2008-04-09 06:55:22 UTC (rev 3914) +++ remoting2/branches/2.x/src/etc/remoting.security.policy.tests 2008-04-09 06:57:26 UTC (rev 3915) @@ -1,3 +1,24 @@ +// JBoss, Home of Professional Open Source +// Copyright 2005, JBoss Inc., and individual contributors as indicated +// by the @authors tag. See the copyright.txt in the distribution for a +// full listing of individual contributors. +// +// This is free software; you can redistribute it and/or modify it +// under the terms of the GNU Lesser General Public License as +// published by the Free Software Foundation; either version 2.1 of +// the License, or (at your option) any later version. +// +// This software is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this software; if not, write to the Free +// Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA +// 02110-1301 USA, or see the FSF site: http://www.fsf.org. +// + //**************************************************************************************************************************************************************** //**************************************************************************************************************************************************************** //****************************************************************** @@ -4,7 +25,8 @@ //**** Permissions needed by Remoting to run the test suite **** //****************************************************************** //****************************************************************** -grant codeBase "file:${build.home}/output/classes/-" + +grant codeBase "file:${build.home}/output/lib/jboss-remoting.jar" { // Permission to read test keystores permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}-", "read"; @@ -23,10 +45,13 @@ //**************************************************************************************************************************************************************** //**************************************************************************************************************************************************************** -//*************************************************** -//**** Permissions used by the test suite **** -//*************************************************** -//*************************************************** +//**************************************************************************** +//**** Permissions used by the test suite **** +//**** (tests.functional.main, tests.functional.main.http, **** +//**** tests.functional.main.core, and tests.functional.main.http.core) **** +//**************************************************************************** +//**************************************************************************** + grant codeBase "file:${build.home}/output/tests/classes/-" { permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}classloader${/}race${/}test.jar", "read"; @@ -43,21 +68,21 @@ permission javax.management.MBeanTrustPermission "register"; - permission javax.management.MBeanServerPermission "createMBeanServer, findMBeanServer"; -// permission javax.management.MBeanServerPermission "*"; + permission javax.management.MBeanPermission "org.jboss.remoting.detection.multicast.MulticastDetector#-[remoting:*]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf"; + permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf, addNotificationListener"; + permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#-[jboss:type=serversocketfactory2]", "registerMBean"; + permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#-[jboss:type=serversocketfactory]", "registerMBean, queryMBeans, isInstanceOf"; + permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#createServerSocket[jboss:*]", "invoke"; permission javax.management.MBeanPermission "org.jboss.remoting.transport.*#-[jboss.remoting:service=invoker,*]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf"; permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:type=Connector,*]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf"; permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[test:type=connector]", "registerMBean"; + permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#Configuration[jboss.remoting:service=invoker,*]", "getAttribute"; + permission javax.management.MBeanPermission "org.jboss.test.remoting.detection.metadata.MetadataTestCase$TestNetworkRegistry#-[remoting:type=NetworkRegistry]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf, addNotificationListener"; - permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf, addNotificationListener"; - permission javax.management.MBeanPermission "org.jboss.remoting.detection.multicast.MulticastDetector#-[remoting:*]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf"; - permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#-[jboss:type=serversocketfactory]", "registerMBean, queryMBeans, isInstanceOf"; permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.config.FactoryConfigTestCaseParent$SelfIdentifyingServerSocketFactory#-[jboss:type=serversocketfactory]", "registerMBean, queryMBeans, isInstanceOf"; - permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#-[jboss:type=serversocketfactory2]", "registerMBean"; - permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#createServerSocket[jboss:*]", "invoke"; + permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.rmi.ssl.config.FactoryConfigTestCase$SerializableServerSocketFactory#-[jboss:type=serversocketfactory2]", "registerMBean"; permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.rmi.ssl.config.FactoryConfigTestCase$SerializableServerSocketFactory#-[jboss:type=serversocketfactory]", "registerMBean"; - permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.rmi.ssl.config.FactoryConfigTestCase$SerializableServerSocketFactory#-[jboss:type=serversocketfactory2]", "registerMBean"; - permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#Configuration[jboss.remoting:service=invoker,*]", "getAttribute"; + permission javax.management.MBeanServerPermission "createMBeanServer, findMBeanServer"; // This is technically the JNP server, but it seems intentional - note that this might mask other problems though permission java.net.SocketPermission "*:*", "accept, connect, resolve"; @@ -65,19 +90,30 @@ // TODO - this stuff ought to be in privileged blocks within the Ant JUnit task permission java.util.PropertyPermission "*", "read, write"; // ugh - // TODO - JBoss Serialization SHOULD be doing these operations in a privileged block - JBSER-105 -// permission java.lang.RuntimePermission "accessDeclaredMembers"; -// permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; -// permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect"; -// permission java.lang.RuntimePermission "reflectionFactoryAccess"; -// permission java.io.SerializablePermission "enableSubclassImplementation"; -// permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; -// permission java.io.SerializablePermission "enableSubstitution"; // <- this one is a "maybe" :-) - - permission java.util.PropertyPermission "loader.path", "read"; - // TESTING ONLY - Use with the LoggingSecurityManager to locate needed permissions for the above block // permission java.security.AllPermission; + +///////////////////////////////////////////////////////////////////////////////////////////// +// TODO - We should use a version of JBoss logging + log4j that does this stuff in privileged blocks + + permission java.io.FilePermission "${build.home}${/}src${/}etc${/}log4j.properties", "read"; + permission java.io.FilePermission "${build.home}${/}src${/}etc${/}log4j.xml", "read"; + permission java.io.FilePermission "${build.home}${/}lib${/}apache-log4j${/}lib${/}log4j.jar", "read"; + permission java.io.FilePermission "${build.home}${/}output${/}classes${/}-", "read"; + permission java.lang.RuntimePermission "accessClassInPackage.*"; + permission java.util.PropertyPermission "org.jboss.logging.Logger.pluginClass", "read"; + permission java.util.PropertyPermission "log4j.defaultInitOverride", "read"; + permission java.util.PropertyPermission "elementAttributeLimit", "read"; + permission java.util.PropertyPermission "maxOccurLimit", "read"; + permission java.util.PropertyPermission "entityExpansionLimit", "read"; + permission java.util.PropertyPermission "javax.xml.parsers.DocumentBuilderFactory", "read"; + permission java.util.PropertyPermission "log4j.ignoreTCL", "read"; + permission java.util.PropertyPermission "log4j.configuratorClass", "read"; + permission java.util.PropertyPermission "log4j.configDebug", "read"; + permission java.util.PropertyPermission "log4j.debug", "read"; + permission java.util.PropertyPermission "log4j.configuration", "read"; + permission java.util.PropertyPermission "org.apache.commons.logging.LogFactory", "read"; + permission java.util.PropertyPermission "org.apache.commons.logging.Log", "read"; }; @@ -86,16 +122,14 @@ //****************************************************************** //**** Permissions for third party libraries **** //****************************************************************** -//****************************************************************** -grant codeBase "file:${build.home}/lib/-" +//****************************************************************** + +grant codeBase "file:/${build.home}/lib/-" { permission java.security.AllPermission; }; -grant codeBase "file:${ant.library.dir}/-" { +grant codeBase "file:/${ant.library.dir}/-" +{ permission java.security.AllPermission; }; - -//grant codeBase "file:${build.home}/src/etc/-" { -// permission java.security.AllPermission; -//}; \ No newline at end of file

18 years

1
0
0 / 0

JBoss Remoting SVN: r3914 - remoting2/branches/2.x/src/etc.

by jboss-remoting-commits＠lists.jboss.org

Author: ron.sigal(a)jboss.com Date: 2008-04-09 02:55:22 -0400 (Wed, 09 Apr 2008) New Revision: 3914 Modified: remoting2/branches/2.x/src/etc/remoting.security.policy.core Log: JBREM-920, JBREM-934: Eliminated unnecessary permissions. Modified: remoting2/branches/2.x/src/etc/remoting.security.policy.core =================================================================== --- remoting2/branches/2.x/src/etc/remoting.security.policy.core 2008-04-09 06:51:29 UTC (rev 3913) +++ remoting2/branches/2.x/src/etc/remoting.security.policy.core 2008-04-09 06:55:22 UTC (rev 3914) @@ -1,3 +1,24 @@ +// JBoss, Home of Professional Open Source +// Copyright 2005, JBoss Inc., and individual contributors as indicated +// by the @authors tag. See the copyright.txt in the distribution for a +// full listing of individual contributors. +// +// This is free software; you can redistribute it and/or modify it +// under the terms of the GNU Lesser General Public License as +// published by the Free Software Foundation; either version 2.1 of +// the License, or (at your option) any later version. +// +// This software is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this software; if not, write to the Free +// Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA +// 02110-1301 USA, or see the FSF site: http://www.fsf.org. +// + //**************************************************************************************************************************************************************** //**************************************************************************************************************************************************************** //*************************************************** @@ -25,7 +46,7 @@ //**************************************************************************************************************************************************************** -grant codeBase "file:${build.home}/output/classes/-" +grant codeBase "file:${build.home}/output/lib/jboss-remoting.jar" { ///////////////////////////////////////////////////////////////////////////////////////////// @@ -54,21 +75,19 @@ ///////////////////////////////////////////////////////////////////////////////////////////// -// Used by remote class loading system +// Runtime permissions + // Used by remote class loading system permission java.lang.RuntimePermission "createClassLoader"; permission java.lang.RuntimePermission "getClassLoader"; - -///////////////////////////////////////////////////////////////////////////////////////////// -// Used by: -// org.jboss.remoting.security.SSLSOcketBuilder -// org.jboss.remoting.transport.coyote.CoyoteInvoker -// org.jboss.remoting.transport.http.HTTPClientInvoker -// org.jboss.remoting.transport.servlet.web.ServerInvokerServlet -// org.jboss.remoting.transporter.TransporterHandler -// org.jboss.remoting.InvokerRegistry - + // Used by: + // org.jboss.remoting.security.SSLSocketBuilder + // org.jboss.remoting.transport.coyote.CoyoteInvoker + // org.jboss.remoting.transport.http.HTTPClientInvoker + // org.jboss.remoting.transport.servlet.web.ServerInvokerServlet + // org.jboss.remoting.transporter.TransporterHandler + // org.jboss.remoting.InvokerRegistry permission java.lang.RuntimePermission "accessClassInPackage.*"; @@ -77,63 +96,53 @@ permission javax.management.MBeanTrustPermission "register"; - // org.jboss.remoting.callback.ServerInvokerCallbackHandler ?? getClassLoader + // Used by org.jboss.remoting.callback.ServerInvokerCallbackHandler ?? getClassLoader permission javax.management.MBeanPermission "*#SSLSocketBuilder[*:*]", "getAttribute"; -// permission javax.management.MBeanPermission"org.jboss.remoting.security.SSLServerSocketFactoryServiceMBean#-[*:*]", "getClassLoaderFor, isInstanceOf"; -// permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#-[*:*]", "getClassLoaderFor"; permission javax.management.MBeanPermission "*#-[*:*]", "isInstanceOf"; - // org.jboss.remoting.detection.AbstractDetector // necessary for proxy ? + // Used by org.jboss.remoting.detection.AbstractDetector // necessary for proxy ? permission javax.management.MBeanPermission "*#addServer[remoting:type=NetworkRegistry]", "invoke"; permission javax.management.MBeanPermission "*#updateServer[remoting:type=NetworkRegistry]", "invoke"; permission javax.management.MBeanPermission "*#removeServer[remoting:type=NetworkRegistry]", "invoke"; permission javax.management.MBeanPermission "*#Servers[*:*]", "getAttribute"; // needed - - // org.jboss.remoting.detection.util.DetectorUtil + // Used by org.jboss.remoting.detection.util.DetectorUtil permission javax.management.MBeanServerPermission "createMBeanServer"; permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]", "registerMBean"; permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:type=Connector,*]", "registerMBean"; permission javax.management.MBeanPermission "org.jboss.remoting.detection.*#-[remoting:type=Detector,*]", "registerMBean"; -// permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:type=Connector,*]", "registerMBean, queryMBeans, isInstanceOf"; - - // org.jboss.remoting.ident.Identity -// permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "isInstanceOf"; + // Used by org.jboss.remoting.ident.Identity permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#MBeanServerId[JMImplementation:type=MBeanServerDelegate]", "getAttribute"; permission javax.management.MBeanPermission "-#ServerDataDir[jboss.system:type=ServerConfig]", "getAttribute"; -// permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "queryMBeans, isInstanceOf"; - // org.jboss.remoting.network.NetworkRegistryFinder + // Used by org.jboss.remoting.network.NetworkRegistryFinder permission javax.management.MBeanPermission "*#-[*:*]", "queryMBeans"; - // org.jboss.remoting.network.NetworkRegistryQuery // need getClassloaderFor ?? + // Used by org.jboss.remoting.network.NetworkRegistryQuery // need getClassloaderFor ?? permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#-[*:*]", "isInstanceOf"; - // org.jboss.remoting.security.CustomSSLServerSocketFactory // necessary ?? + // Used by org.jboss.remoting.security.CustomSSLServerSocketFactory // necessary ?? permission javax.management.MBeanPermission "org.jboss.remoting.security.CustomSSLServerSocketFactory#*[*:*]", "invoke"; - // org.jboss.remoting.security.ServerSocketFactoryWrapper + // Used by org.jboss.remoting.security.ServerSocketFactoryWrapper permission javax.management.MBeanPermission "*#createServerSocket[*:*]", "invoke"; - // org.jboss.remoting.transport.Connector // isInstanceOf ?? + // Used by org.jboss.remoting.transport.Connector // isInstanceOf ?? permission javax.management.MBeanPermission "org.jboss.remoting.transport.*#-[jboss.remoting:service=invoker,*]", "registerMBean, unregisterMBean"; -// permission javax.management.MBeanPermission "org.jboss.remoting.transport.*#-[jboss.remoting:service=invoker,*]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf"; - // org.jboss.remoting.transport.servlet.web.ServerInvokerServlet + // Used by org.jboss.remoting.transport.servlet.web.ServerInvokerServlet permission javax.management.MBeanServerPermission "findMBeanServer"; - // org.jboss.remoting.transporter.InternalTransporterServices + // Used by org.jboss.remoting.transporter.InternalTransporterServices permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]", "registerMBean"; - // org.jboss.remoting.transporter.TransporterClient and org.jboss.remoting.transporter.Transporter.Server + // Used by org.jboss.remoting.transporter.TransporterClient and org.jboss.remoting.transporter.Transporter.Server permission javax.management.MBeanServerPermission "createMBeanServer"; -// permission javax.management.MBeanPermission "*#-[*:*]", "isInstanceOf, registerMBean"; - - + ///////////////////////////////////////////////////////////////////////////////////////////// -// Can't create sockets without it +// Socket permissions. Can't create sockets without it. permission java.net.SocketPermission "*:*", "accept,connect,listen,resolve"; @@ -172,18 +181,11 @@ permission java.util.PropertyPermission "remoting.stream.port", "read"; permission java.util.PropertyPermission "remoting.stream.transport", "read"; permission java.util.PropertyPermission "tomcat.util.buf.StringCache.*", "read"; - - -///////////////////////////////////////////////////////////////////////////////////////////// -// Tomcat native - TODO - this should be in a privileged block in jbossnative -// permission java.lang.RuntimePermission "loadLibrary.tcnative-1"; -// permission java.lang.RuntimePermission "loadLibrary.libtcnative-1"; -// permission java.util.PropertyPermission "java.library.path", "read"; - ///////////////////////////////////////////////////////////////////////////////////////////// -// TODO - JBoss Serialization SHOULD be doing these operations in a privileged block - JBSER-105 +// Permissions used by JBossSerialization. +// [TODO - JBoss Serialization SHOULD be doing these operations in a privileged block - JBSER-105] permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "accessClassInPackage.*"; @@ -191,12 +193,13 @@ permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.io.SerializablePermission "enableSubclassImplementation"; - // org.jboss.remoting.serialization.impl.java.MarshalledValueOutputStream - permission java.io.SerializablePermission "enableSubstitution"; // <- this one is a "maybe" :-) + // Used by org.jboss.remoting.serialization.impl.java.MarshalledValueOutputStream + permission java.io.SerializablePermission "enableSubstitution"; ///////////////////////////////////////////////////////////////////////////////////////////// -// TODO - We should use a version of JBoss logging + log4j that does this stuff in privileged blocks +// Permissions used by Logging +// [TODO - We should use a version of JBoss logging + log4j that does this stuff in privileged blocks] permission java.io.FilePermission "${build.home}${/}src${/}etc${/}log4j.properties", "read"; permission java.io.FilePermission "${build.home}${/}src${/}etc${/}log4j.xml", "read"; @@ -218,15 +221,3 @@ permission java.util.PropertyPermission "org.apache.commons.logging.Log", "read"; }; - -//**************************************************************************************************************************************************************** -//**************************************************************************************************************************************************************** -//****************************************************************** -//**** Permissions for third party libraries **** -//****************************************************************** -//****************************************************************** -grant codeBase "file:${build.home}/lib/-" -{ - permission java.security.AllPermission; -}; -

18 years

1
0
0 / 0

JBoss Remoting SVN: r3913 - remoting2/branches/2.x/src/tests/org/jboss/test/remoting/marshall/dynamic/remote/socket.

by jboss-remoting-commits＠lists.jboss.org

Author: ron.sigal(a)jboss.com Date: 2008-04-09 02:51:29 -0400 (Wed, 09 Apr 2008) New Revision: 3913 Modified: remoting2/branches/2.x/src/tests/org/jboss/test/remoting/marshall/dynamic/remote/socket/SocketMarshallerLoadingTestCase.java Log: JBREM-925: Eliminated unnecessary import. Modified: remoting2/branches/2.x/src/tests/org/jboss/test/remoting/marshall/dynamic/remote/socket/SocketMarshallerLoadingTestCase.java =================================================================== --- remoting2/branches/2.x/src/tests/org/jboss/test/remoting/marshall/dynamic/remote/socket/SocketMarshallerLoadingTestCase.java 2008-04-09 06:51:10 UTC (rev 3912) +++ remoting2/branches/2.x/src/tests/org/jboss/test/remoting/marshall/dynamic/remote/socket/SocketMarshallerLoadingTestCase.java 2008-04-09 06:51:29 UTC (rev 3913) @@ -27,7 +27,6 @@ import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; -import org.apache.log4j.Level; import org.jboss.jrunit.harness.TestDriver; /**

18 years

1
0
0 / 0

JBoss Remoting SVN: r3912 - remoting2/branches/2.x/src/tests/org/jboss/test/remoting/marshall/dynamic/remote/http.

by jboss-remoting-commits＠lists.jboss.org

Author: ron.sigal(a)jboss.com Date: 2008-04-09 02:51:10 -0400 (Wed, 09 Apr 2008) New Revision: 3912 Modified: remoting2/branches/2.x/src/tests/org/jboss/test/remoting/marshall/dynamic/remote/http/HTTPMarshallerLoadingTestCase.java Log: JBREM-925: Eliminated unnecessary imiports. Modified: remoting2/branches/2.x/src/tests/org/jboss/test/remoting/marshall/dynamic/remote/http/HTTPMarshallerLoadingTestCase.java =================================================================== --- remoting2/branches/2.x/src/tests/org/jboss/test/remoting/marshall/dynamic/remote/http/HTTPMarshallerLoadingTestCase.java 2008-04-09 03:29:35 UTC (rev 3911) +++ remoting2/branches/2.x/src/tests/org/jboss/test/remoting/marshall/dynamic/remote/http/HTTPMarshallerLoadingTestCase.java 2008-04-09 06:51:10 UTC (rev 3912) @@ -23,12 +23,10 @@ package org.jboss.test.remoting.marshall.dynamic.remote.http; import java.io.IOException; -import java.net.InetAddress; import java.security.AccessController; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; -import org.apache.log4j.Level; import org.jboss.jrunit.harness.TestDriver; /**

18 years

1
0
0 / 0

JBoss Remoting SVN: r3911 - remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http.

by jboss-remoting-commits＠lists.jboss.org

Author: david.lloyd(a)jboss.com Date: 2008-04-08 23:29:35 -0400 (Tue, 08 Apr 2008) New Revision: 3911 Modified: remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/Http.java Log: Message types Modified: remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/Http.java =================================================================== --- remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/Http.java 2008-04-09 03:29:10 UTC (rev 3910) +++ remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/Http.java 2008-04-09 03:29:35 UTC (rev 3911) @@ -10,4 +10,28 @@ private Http() {} + enum MessageType { + SESSION_OPEN, + SESSION_CLOSE, + + STREAM_OPEN, + STREAM_CLOSE, + STREAM_DATA, + + SERVICE_CLOSING, + + SERVICE_CLOSE, + SERVICE_CONTEXT_OPEN, + + CONTEXT_CLOSE, + + CONTEXT_CLOSING, + + REQUEST, + REQUEST_CANCEL, + + REQUEST_REPLY, + REQUEST_EXCEPTION, + REQUEST_CANCELLED, + } }

18 years

1
0
0 / 0

JBoss Remoting SVN: r3910 - remoting3/trunk/api/src/main/java/org/jboss/cx/remoting/spi/protocol.

by jboss-remoting-commits＠lists.jboss.org

Author: david.lloyd(a)jboss.com Date: 2008-04-08 23:29:10 -0400 (Tue, 08 Apr 2008) New Revision: 3910 Modified: remoting3/trunk/api/src/main/java/org/jboss/cx/remoting/spi/protocol/ProtocolHandler.java Log: javadoc Modified: remoting3/trunk/api/src/main/java/org/jboss/cx/remoting/spi/protocol/ProtocolHandler.java =================================================================== --- remoting3/trunk/api/src/main/java/org/jboss/cx/remoting/spi/protocol/ProtocolHandler.java 2008-04-09 03:29:00 UTC (rev 3909) +++ remoting3/trunk/api/src/main/java/org/jboss/cx/remoting/spi/protocol/ProtocolHandler.java 2008-04-09 03:29:10 UTC (rev 3910) @@ -201,7 +201,7 @@ * Send data over a stream. Returns a message output buffer that the message is written into. When the message * is fully written, the {@link org.jboss.cx.remoting.spi.ObjectMessageOutput#commit()} method will be called to perform * the transmission. The supplied executor should be passed in to - * {@link org.jboss.cx.remoting.spi.protocol.ProtocolContext#getMessageOutput(org.jboss.cx.remoting.spi.ByteMessageOutput , java.util.concurrent.Executor)}, + * {@link org.jboss.cx.remoting.spi.protocol.ProtocolContext#getMessageOutput(org.jboss.cx.remoting.spi.ByteMessageOutput,java.util.concurrent.Executor)}, * if that method is used for serialization. * * @param streamIdentifier the stream to send data on

18 years

1
0
0 / 0

JBoss Remoting SVN: r3909 - remoting3/trunk/srp/src/main/java/org/jboss/cx/remoting/core/security/sasl.

by jboss-remoting-commits＠lists.jboss.org

Author: david.lloyd(a)jboss.com Date: 2008-04-08 23:29:00 -0400 (Tue, 08 Apr 2008) New Revision: 3909 Modified: remoting3/trunk/srp/src/main/java/org/jboss/cx/remoting/core/security/sasl/AbstractSrpSaslParticipant.java Log: Imports Modified: remoting3/trunk/srp/src/main/java/org/jboss/cx/remoting/core/security/sasl/AbstractSrpSaslParticipant.java =================================================================== --- remoting3/trunk/srp/src/main/java/org/jboss/cx/remoting/core/security/sasl/AbstractSrpSaslParticipant.java 2008-04-08 14:29:27 UTC (rev 3908) +++ remoting3/trunk/srp/src/main/java/org/jboss/cx/remoting/core/security/sasl/AbstractSrpSaslParticipant.java 2008-04-09 03:29:00 UTC (rev 3909) @@ -13,13 +13,11 @@ import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; -import java.security.AccessController; import java.util.Arrays; import java.util.Collections; import java.util.HashMap; import java.util.Map; import java.util.Random; -import org.jboss.cx.remoting.core.security.sasl.BufferFactory; import org.jboss.cx.remoting.util.IoUtil; import javax.crypto.BadPaddingException;

18 years

1
0
0 / 0

JBoss Remoting SVN: r3908 - remoting3/trunk.

by jboss-remoting-commits＠lists.jboss.org

Author: david.lloyd(a)jboss.com Date: 2008-04-08 10:29:27 -0400 (Tue, 08 Apr 2008) New Revision: 3908 Modified: remoting3/trunk/build.properties Log: Switch to snapshot (r358) of jbser Modified: remoting3/trunk/build.properties =================================================================== --- remoting3/trunk/build.properties 2008-04-07 19:14:37 UTC (rev 3907) +++ remoting3/trunk/build.properties 2008-04-08 14:29:27 UTC (rev 3908) @@ -99,7 +99,7 @@ lib.jboss-managed.local=${local.repository}/${lib.jboss-managed.local-path} lib.jboss-managed.remote=${remote.repository}/${lib.jboss-managed.remote-path} -lib.jboss-serialization.version=1.1.0.Beta1 +lib.jboss-serialization.version=1.1.0-snapshot-r358 lib.jboss-serialization.name=jboss-serialization.jar lib.jboss-serialization.license=lgpl lib.jboss-serialization.local-dir=jboss-serialization/${lib.jboss-serialization.version}/lib

18 years

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

jboss-remoting-commits April 2008