Author: ron.sigal(a)jboss.com
Date: 2008-04-10 16:21:28 -0400 (Thu, 10 Apr 2008)
New Revision: 3926
Modified:
remoting2/branches/2.x/src/etc/remoting.security.policy.core
Log:
JBREM-920, JBREM-934: (1) Added permissions for CoyoteInvoker; (2) commented
PropertyPermissions; (3) replaced ${build.home} with ${remoting.jar.dir} and
${log4j.config.jar}.
Modified: remoting2/branches/2.x/src/etc/remoting.security.policy.core
===================================================================
--- remoting2/branches/2.x/src/etc/remoting.security.policy.core 2008-04-10 20:17:37 UTC
(rev 3925)
+++ remoting2/branches/2.x/src/etc/remoting.security.policy.core 2008-04-10 20:21:28 UTC
(rev 3926)
@@ -46,17 +46,12 @@
//****************************************************************************************************************************************************************
-grant codeBase "file:${build.home}/output/lib/jboss-remoting.jar"
+grant codeBase "file:${remoting.jar.dir}/jboss-remoting.jar"
{
/////////////////////////////////////////////////////////////////////////////////////////////
// File permissions
-// permission java.io.FilePermission "${build.home}", "read";
-// permission java.io.FilePermission "${build.home}/jboss.identity",
"read";
-// permission java.io.FilePermission "${build.home}", "read";
-// permission java.io.FilePermission "-", "read";
-
// Used by org.jboss.remotinng.callback.CallbackStore.
// This permission might need to be changed, depending on where the CallbackStore
// is configured to exist, according to system property
"jboss.server.data.dir".
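Review bot: The new `codeBase` on the `grant` line depends on `${remoting.jar.dir}`, and nothing in the visible part of the file says that this property has to be set. The JDK policy parser ignores a grant entry whose property cannot be expanded, so a launcher that does not define `remoting.jar.dir` would run jboss-remoting.jar with none of these permissions, and the failure would surface as scattered AccessControlExceptions rather than as a configuration error. The same applies to `${log4j.jar.dir}` and `${log4j.config.dir}` in the logging hunk at the end of the file. I would add a header comment above the grant such as `// Requires -Dremoting.jar.dir, -Dlog4j.jar.dir and -Dlog4j.config.dir; an entry with an undefined property is ignored by the policy parser.` The grant block opens in this hunk and closes outside it.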
@@ -82,13 +77,17 @@
permission java.lang.RuntimePermission "getClassLoader";
// Used by:
- // org.jboss.remoting.security.SSLSocketBuilder
- // org.jboss.remoting.transport.coyote.CoyoteInvoker
- // org.jboss.remoting.transport.http.HTTPClientInvoker
- // org.jboss.remoting.transport.servlet.web.ServerInvokerServlet
- // org.jboss.remoting.transporter.TransporterHandler
- // org.jboss.remoting.InvokerRegistry
+ // org.jboss.remoting.security.SSLSocketBuilder
+ // org.jboss.remoting.transport.coyote.CoyoteInvoker
+ // org.jboss.remoting.transport.http.HTTPClientInvoker
+ // org.jboss.remoting.transport.servlet.web.ServerInvokerServlet
+ // org.jboss.remoting.transporter.TransporterHandler
+ // org.jboss.remoting.InvokerRegistry
permission java.lang.RuntimePermission "accessClassInPackage.*";
+
+ // Used by org.jboss.remoting.transport.coyote.CoyoteInvoker
+ permission java.lang.RuntimePermission "loadLibrary.tcnative-1";
+ permission java.lang.RuntimePermission "loadLibrary.libtcnative-1";
/////////////////////////////////////////////////////////////////////////////////////////////
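Review bot: The two `loadLibrary` entries added for CoyoteInvoker let code in this jar load native code, which runs outside the security manager, so the comment above them should say what that trust rests on. Scoping the names to `tcnative-1` and `libtcnative-1` is good, but the library is resolved through `java.library.path`, so anyone who can write to a directory on that path decides which code gets loaded. I would extend the comment to something like `// Loads the Tomcat native library; directories on java.library.path must not be writable by untrusted users.` The `accessClassInPackage.*` context line just above is broader than anything added here and may be worth narrowing in a separate change.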
@@ -100,11 +99,11 @@
permission javax.management.MBeanPermission "*#SSLSocketBuilder[*:*]",
"getAttribute";
permission javax.management.MBeanPermission "*#-[*:*]",
"isInstanceOf";
- // Used by org.jboss.remoting.detection.AbstractDetector // necessary for proxy ?
+ // Used by org.jboss.remoting.detection.AbstractDetector
permission javax.management.MBeanPermission
"*#addServer[remoting:type=NetworkRegistry]", "invoke";
permission javax.management.MBeanPermission
"*#updateServer[remoting:type=NetworkRegistry]", "invoke";
permission javax.management.MBeanPermission
"*#removeServer[remoting:type=NetworkRegistry]", "invoke";
- permission javax.management.MBeanPermission "*#Servers[*:*]",
"getAttribute"; // needed
+ permission javax.management.MBeanPermission "*#Servers[*:*]",
"getAttribute";
// Used by org.jboss.remoting.detection.util.DetectorUtil
permission javax.management.MBeanServerPermission "createMBeanServer";
@@ -123,7 +122,7 @@
permission javax.management.MBeanPermission
"org.jboss.remoting.network.NetworkRegistry#-[*:*]", "isInstanceOf";
// Used by org.jboss.remoting.security.CustomSSLServerSocketFactory // necessary ??
- permission javax.management.MBeanPermission
"org.jboss.remoting.security.CustomSSLServerSocketFactory#*[*:*]",
"invoke";
+// permission javax.management.MBeanPermission
"org.jboss.remoting.security.CustomSSLServerSocketFactory#*[*:*]",
"invoke";
// Used by org.jboss.remoting.security.ServerSocketFactoryWrapper
permission javax.management.MBeanPermission "*#createServerSocket[*:*]",
"invoke";
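Review bot: The `CustomSSLServerSocketFactory#*[*:*]` invoke permission is disabled by commenting it out while its header comment still reads `// necessary ??`, so the file no longer says whether the permission is needed. If the test suite passes without it, delete both the header and the entry. If it is needed only in some configurations, replace the question with the condition, e.g. `// Needed only when <condition>; disabled by default.` A commented-out grant left in a policy file tends to get re-enabled later by someone who does not know why it was removed.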
@@ -150,39 +149,72 @@
/////////////////////////////////////////////////////////////////////////////////////////////
// System properties accessed by Remoting
- permission java.util.PropertyPermission "SERIALIZATION", "read";
+ // Used by org.jboss.remoting.callback.CallbackStore,
+ // org.jboss.remoting.callback.ServerInvokerCallbackHandler
permission java.util.PropertyPermission "file.separator",
"read";
- permission java.util.PropertyPermission "http.basic.password",
"read";
- permission java.util.PropertyPermission "http.basic.username",
"read";
- permission java.util.PropertyPermission "javax.net.ssl.keyStore",
"read";
- permission java.util.PropertyPermission "javax.net.ssl.keyStorePassword",
"read";
- permission java.util.PropertyPermission "javax.net.ssl.keyStoreType",
"read";
- permission java.util.PropertyPermission "javax.net.ssl.trustStore",
"read";
- permission java.util.PropertyPermission "javax.net.ssl.trustStorePassword",
"read";
- permission java.util.PropertyPermission "javax.net.ssl.trustStoreType",
"read";
- permission java.util.PropertyPermission "jboss.bind.address",
"read";
+ permission java.util.PropertyPermission "jboss.server.data.dir",
"read";
+
+ // Used by org.jboss.remoting.detection.util.DetectorUtil,
permission java.util.PropertyPermission "jboss.identity", "read,
write";
+
+ // Used by org.jboss.remoting.ident.Identity
+ permission java.util.PropertyPermission "jboss.identity", "read,
write";
permission java.util.PropertyPermission "jboss.identity.dir",
"read";
permission java.util.PropertyPermission "jboss.identity.domain",
"read";
+
+ // Used by org.jboss.remoting.InvokerLocator
+ permission java.util.PropertyPermission "jboss.bind.address",
"read";
+ permission java.util.PropertyPermission "legacyParsing", "read";
+ permission java.util.PropertyPermission "remoting.bind_by_host",
"read";
+
+ // Used by org.jboss.remoting.loading.CompressedClassBytes
permission java.util.PropertyPermission "jboss.remoting.compression.debug",
"read";
- permission java.util.PropertyPermission "jboss.remoting.compression.min",
"read";
+ permission java.util.PropertyPermission "jboss.remoting.compression.min",
"read";
+
+ // Used by org.jboss.remoting.network.NetworkRegistry
permission java.util.PropertyPermission "jboss.remoting.domain",
"write";
permission java.util.PropertyPermission "jboss.remoting.instanceid",
"write";
permission java.util.PropertyPermission "jboss.remoting.jmxid",
"write";
- permission java.util.PropertyPermission
"jboss.remoting.pre_2_0_compatible", "read";
- permission java.util.PropertyPermission "jboss.remoting.version",
"read, write";
- permission java.util.PropertyPermission "jboss.server.data.dir",
"read";
- permission java.util.PropertyPermission "legacyParsing", "read";
- permission java.util.PropertyPermission "org.apache.tomcat.util.*",
"read";
+
+ // Used by org.jboss.remoting.security.SSLSocketBuilder
+ permission java.util.PropertyPermission "javax.net.ssl.keyStore",
"read";
+ permission java.util.PropertyPermission "javax.net.ssl.keyStorePassword",
"read";
+ permission java.util.PropertyPermission "javax.net.ssl.keyStoreType",
"read";
+ permission java.util.PropertyPermission "javax.net.ssl.trustStore",
"read";
+ permission java.util.PropertyPermission "javax.net.ssl.trustStorePassword",
"read";
+ permission java.util.PropertyPermission "javax.net.ssl.trustStoreType",
"read";
permission java.util.PropertyPermission
"org.jboss.remoting.defaultSocketFactory", "read";
- permission java.util.PropertyPermission
"org.jboss.security.ignoreHttpsHost" , "read";
+
+ // Used by org.jboss.remoting.serialization.SerializationStreamFactory
+ permission java.util.PropertyPermission "SERIALIZATION", "read";
+
+ // Used by org.jboss.remoting.ServerInvoker
permission java.util.PropertyPermission "remoting.bind_by_host",
"read";
+
+ // Used by org.jboss.remoting.stream.StreamServer
permission java.util.PropertyPermission "remoting.stream.host",
"read";
permission java.util.PropertyPermission "remoting.stream.port",
"read";
- permission java.util.PropertyPermission "remoting.stream.transport",
"read";
+ permission java.util.PropertyPermission "remoting.stream.transport",
"read";
+
+ // Used by Used by org.jboss.remoting.transport.coyote.CoyoteInvoker
+ permission java.util.PropertyPermission "java.library.path",
"read";
+
+ // Used by org.jboss.remoting.transport.http.HTTPClientInvoker
+ permission java.util.PropertyPermission "http.basic.password",
"read";
+ permission java.util.PropertyPermission "http.basic.username",
"read";
+
+ // Used by org.jboss.remoting.transport.http.ssl.HTTPSClientInvoker
+ permission java.util.PropertyPermission
"org.jboss.security.ignoreHttpsHost" , "read";
+
+ // Used by org.jboss.remoting.Version
+ permission java.util.PropertyPermission
"jboss.remoting.pre_2_0_compatible", "read";
+ permission java.util.PropertyPermission "jboss.remoting.version",
"read, write";
+
+ // ????
+ permission java.util.PropertyPermission "org.apache.tomcat.util.*",
"read";
permission java.util.PropertyPermission "tomcat.util.buf.StringCache.*",
"read";
-
+
/////////////////////////////////////////////////////////////////////////////////////////////
// Permissions used by JBossSerialization.
// [TODO - JBoss Serialization SHOULD be doing these operations in a privileged block -
JBSER-105]
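Review bot: The regrouping names an owner for every property except the two Tomcat wildcards, which now sit under `// ????`. `org.apache.tomcat.util.*` and `tomcat.util.buf.StringCache.*` are the only wildcard grants in this section and the only ones the file cannot justify. Since this commit adds CoyoteInvoker support, they are presumably read by the Tomcat classes it pulls in; if that is confirmed, say so, e.g. `// Read by Tomcat classes loaded through org.jboss.remoting.transport.coyote.CoyoteInvoker`. Two of the new comments also need a fix: `// Used by Used by org.jboss.remoting.transport.coyote.CoyoteInvoker` repeats itself, and the DetectorUtil comment ends in a dangling comma above a `jboss.identity` entry that the new Identity group repeats word for word.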
@@ -201,23 +233,29 @@
// Permissions used by Logging
// [TODO - We should use a version of JBoss logging + log4j that does this stuff in
privileged blocks]
- permission java.io.FilePermission
"${build.home}${/}src${/}etc${/}log4j.properties", "read";
- permission java.io.FilePermission
"${build.home}${/}src${/}etc${/}log4j.xml", "read";
- permission java.io.FilePermission
"${build.home}${/}lib${/}apache-log4j${/}lib${/}log4j.jar", "read";
- permission java.io.FilePermission
"${build.home}${/}output${/}classes${/}-", "read";
- permission java.lang.RuntimePermission "accessClassInPackage.*";
- permission java.util.PropertyPermission
"org.jboss.logging.Logger.pluginClass", "read";
- permission java.util.PropertyPermission "log4j.defaultInitOverride",
"read";
- permission java.util.PropertyPermission "elementAttributeLimit",
"read";
- permission java.util.PropertyPermission "maxOccurLimit",
"read";
- permission java.util.PropertyPermission "entityExpansionLimit",
"read";
- permission java.util.PropertyPermission
"javax.xml.parsers.DocumentBuilderFactory", "read";
- permission java.util.PropertyPermission "log4j.ignoreTCL",
"read";
- permission java.util.PropertyPermission "log4j.configuratorClass",
"read";
- permission java.util.PropertyPermission "log4j.configDebug",
"read";
- permission java.util.PropertyPermission "log4j.debug", "read";
- permission java.util.PropertyPermission "log4j.configuration",
"read";
- permission java.util.PropertyPermission
"org.apache.commons.logging.LogFactory", "read";
- permission java.util.PropertyPermission "org.apache.commons.logging.Log",
"read";
+// permission java.io.FilePermission
"${build.home}${/}src${/}etc${/}log4j.properties", "read";
+// permission java.io.FilePermission
"${build.home}${/}src${/}etc${/}log4j.xml", "read";
+// permission java.io.FilePermission
"${build.home}${/}lib${/}apache-log4j${/}lib${/}log4j.jar", "read";
+// permission java.io.FilePermission
"file:${build.home}/output/lib/jboss-remoting.jar", "read";
+
+ permission java.io.FilePermission
"${remoting.jar.dir}${/}jboss-remoting.jar", "read";
+ permission java.io.FilePermission "${log4j.jar.dir}${/}log4j.jar",
"read";
+ permission java.io.FilePermission
"${log4j.config.dir}${/}log4j.properties", "read";
+ permission java.io.FilePermission "${log4j.config.dir}${/}log4j.xml",
"read";
+// permission java.io.FilePermission
"${build.home}${/}output${/}classes${/}-", "read";
+
+ permission java.util.PropertyPermission
"org.jboss.logging.Logger.pluginClass", "read";
+ permission java.util.PropertyPermission "log4j.defaultInitOverride",
"read";
+ permission java.util.PropertyPermission "elementAttributeLimit",
"read";
+ permission java.util.PropertyPermission "maxOccurLimit", "read";
+ permission java.util.PropertyPermission "entityExpansionLimit",
"read";
+ permission java.util.PropertyPermission
"javax.xml.parsers.DocumentBuilderFactory", "read";
+ permission java.util.PropertyPermission "log4j.ignoreTCL",
"read";
+ permission java.util.PropertyPermission "log4j.configuratorClass",
"read";
+ permission java.util.PropertyPermission "log4j.configDebug",
"read";
+ permission java.util.PropertyPermission "log4j.debug", "read";
+ permission java.util.PropertyPermission "log4j.configuration",
"read";
+ permission java.util.PropertyPermission "org.apache.commons.logging.*",
"read";
+// permission java.util.PropertyPermission "org.apache.commons.logging.Log",
"read";
};
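Review bot: The two explicit entries for `org.apache.commons.logging.LogFactory` and `org.apache.commons.logging.Log` are replaced by the wildcard `org.apache.commons.logging.*` with no comment saying which additional properties made that necessary. The grant is read-only and low risk, but a policy file is easier to audit when each wildcard states its reason, e.g. `// commons-logging reads several org.apache.commons.logging.* properties during discovery`. The commented-out `${build.home}` entries and the commented-out `org.apache.commons.logging.Log` line are dead text now that their replacements are in place, and could be deleted rather than kept.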