[jboss-remoting-commits] JBoss Remoting SVN: r3915 - remoting2/branches/2.x/src/etc.

Author: ron.sigal(a)jboss.com Date: 2008-04-09 02:57:26 -0400 (Wed, 09 Apr 2008) New Revision: 3915 Modified: remoting2/branches/2.x/src/etc/remoting.security.policy.tests Log: JBREM-920, JBREM-934: Mostly cosmetic changes. Modified: remoting2/branches/2.x/src/etc/remoting.security.policy.tests =================================================================== --- remoting2/branches/2.x/src/etc/remoting.security.policy.tests 2008-04-09 06:55:22 UTC (rev 3914) +++ remoting2/branches/2.x/src/etc/remoting.security.policy.tests 2008-04-09 06:57:26 UTC (rev 3915) @@ -1,3 +1,24 @@ +// JBoss, Home of Professional Open Source +// Copyright 2005, JBoss Inc., and individual contributors as indicated +// by the @authors tag. See the copyright.txt in the distribution for a +// full listing of individual contributors. +// +// This is free software; you can redistribute it and/or modify it +// under the terms of the GNU Lesser General Public License as +// published by the Free Software Foundation; either version 2.1 of +// the License, or (at your option) any later version. +// +// This software is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this software; if not, write to the Free +// Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA +// 02110-1301 USA, or see the FSF site: http://www.fsf.org. +// + //**************************************************************************************************************************************************************** //**************************************************************************************************************************************************************** //****************************************************************** @@ -4,7 +25,8 @@ //**** Permissions needed by Remoting to run the test suite **** //****************************************************************** //****************************************************************** -grant codeBase "file:${build.home}/output/classes/-" + +grant codeBase "file:${build.home}/output/lib/jboss-remoting.jar" { // Permission to read test keystores permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}-", "read"; @@ -23,10 +45,13 @@ //**************************************************************************************************************************************************************** //**************************************************************************************************************************************************************** -//*************************************************** -//**** Permissions used by the test suite **** -//*************************************************** -//*************************************************** +//**************************************************************************** +//**** Permissions used by the test suite **** +//**** (tests.functional.main, tests.functional.main.http, **** +//**** tests.functional.main.core, and tests.functional.main.http.core) **** +//**************************************************************************** +//**************************************************************************** + grant codeBase "file:${build.home}/output/tests/classes/-" { permission java.io.FilePermission "${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}classloader${/}race${/}test.jar", "read"; @@ -43,21 +68,21 @@ permission javax.management.MBeanTrustPermission "register"; - permission javax.management.MBeanServerPermission "createMBeanServer, findMBeanServer"; -// permission javax.management.MBeanServerPermission "*"; + permission javax.management.MBeanPermission "org.jboss.remoting.detection.multicast.MulticastDetector#-[remoting:*]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf"; + permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf, addNotificationListener"; + permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#-[jboss:type=serversocketfactory2]", "registerMBean"; + permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#-[jboss:type=serversocketfactory]", "registerMBean, queryMBeans, isInstanceOf"; + permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#createServerSocket[jboss:*]", "invoke"; permission javax.management.MBeanPermission "org.jboss.remoting.transport.*#-[jboss.remoting:service=invoker,*]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf"; permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:type=Connector,*]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf"; permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[test:type=connector]", "registerMBean"; + permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#Configuration[jboss.remoting:service=invoker,*]", "getAttribute"; + permission javax.management.MBeanPermission "org.jboss.test.remoting.detection.metadata.MetadataTestCase$TestNetworkRegistry#-[remoting:type=NetworkRegistry]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf, addNotificationListener"; - permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf, addNotificationListener"; - permission javax.management.MBeanPermission "org.jboss.remoting.detection.multicast.MulticastDetector#-[remoting:*]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf"; - permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#-[jboss:type=serversocketfactory]", "registerMBean, queryMBeans, isInstanceOf"; permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.config.FactoryConfigTestCaseParent$SelfIdentifyingServerSocketFactory#-[jboss:type=serversocketfactory]", "registerMBean, queryMBeans, isInstanceOf"; - permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#-[jboss:type=serversocketfactory2]", "registerMBean"; - permission javax.management.MBeanPermission "org.jboss.remoting.security.SSLServerSocketFactoryService#createServerSocket[jboss:*]", "invoke"; + permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.rmi.ssl.config.FactoryConfigTestCase$SerializableServerSocketFactory#-[jboss:type=serversocketfactory2]", "registerMBean"; permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.rmi.ssl.config.FactoryConfigTestCase$SerializableServerSocketFactory#-[jboss:type=serversocketfactory]", "registerMBean"; - permission javax.management.MBeanPermission "org.jboss.test.remoting.transport.rmi.ssl.config.FactoryConfigTestCase$SerializableServerSocketFactory#-[jboss:type=serversocketfactory2]", "registerMBean"; - permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#Configuration[jboss.remoting:service=invoker,*]", "getAttribute"; + permission javax.management.MBeanServerPermission "createMBeanServer, findMBeanServer"; // This is technically the JNP server, but it seems intentional - note that this might mask other problems though permission java.net.SocketPermission "*:*", "accept, connect, resolve"; @@ -65,19 +90,30 @@ // TODO - this stuff ought to be in privileged blocks within the Ant JUnit task permission java.util.PropertyPermission "*", "read, write"; // ugh - // TODO - JBoss Serialization SHOULD be doing these operations in a privileged block - JBSER-105 -// permission java.lang.RuntimePermission "accessDeclaredMembers"; -// permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; -// permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect"; -// permission java.lang.RuntimePermission "reflectionFactoryAccess"; -// permission java.io.SerializablePermission "enableSubclassImplementation"; -// permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; -// permission java.io.SerializablePermission "enableSubstitution"; // <- this one is a "maybe" :-) - - permission java.util.PropertyPermission "loader.path", "read"; - // TESTING ONLY - Use with the LoggingSecurityManager to locate needed permissions for the above block // permission java.security.AllPermission; + +///////////////////////////////////////////////////////////////////////////////////////////// +// TODO - We should use a version of JBoss logging + log4j that does this stuff in privileged blocks + + permission java.io.FilePermission "${build.home}${/}src${/}etc${/}log4j.properties", "read"; + permission java.io.FilePermission "${build.home}${/}src${/}etc${/}log4j.xml", "read"; + permission java.io.FilePermission "${build.home}${/}lib${/}apache-log4j${/}lib${/}log4j.jar", "read"; + permission java.io.FilePermission "${build.home}${/}output${/}classes${/}-", "read"; + permission java.lang.RuntimePermission "accessClassInPackage.*"; + permission java.util.PropertyPermission "org.jboss.logging.Logger.pluginClass", "read"; + permission java.util.PropertyPermission "log4j.defaultInitOverride", "read"; + permission java.util.PropertyPermission "elementAttributeLimit", "read"; + permission java.util.PropertyPermission "maxOccurLimit", "read"; + permission java.util.PropertyPermission "entityExpansionLimit", "read"; + permission java.util.PropertyPermission "javax.xml.parsers.DocumentBuilderFactory", "read"; + permission java.util.PropertyPermission "log4j.ignoreTCL", "read"; + permission java.util.PropertyPermission "log4j.configuratorClass", "read"; + permission java.util.PropertyPermission "log4j.configDebug", "read"; + permission java.util.PropertyPermission "log4j.debug", "read"; + permission java.util.PropertyPermission "log4j.configuration", "read"; + permission java.util.PropertyPermission "org.apache.commons.logging.LogFactory", "read"; + permission java.util.PropertyPermission "org.apache.commons.logging.Log", "read"; }; @@ -86,16 +122,14 @@ //****************************************************************** //**** Permissions for third party libraries **** //****************************************************************** -//****************************************************************** -grant codeBase "file:${build.home}/lib/-" +//****************************************************************** + +grant codeBase "file:/${build.home}/lib/-" { permission java.security.AllPermission; }; -grant codeBase "file:${ant.library.dir}/-" { +grant codeBase "file:/${ant.library.dir}/-" +{ permission java.security.AllPermission; }; - -//grant codeBase "file:${build.home}/src/etc/-" { -// permission java.security.AllPermission; -//}; \ No newline at end of file