Author: ron.sigal(a)jboss.com
Date: 2008-05-07 19:49:10 -0400 (Wed, 07 May 2008)
New Revision: 4138
Modified:
remoting2/branches/2.x/src/etc/remoting.security.policy.core
Log:
JBREM-920, JBREM-977: Added documentation about MBean proxies; removed some unnecessary
permissions and comment lines.
Modified: remoting2/branches/2.x/src/etc/remoting.security.policy.core
===================================================================
--- remoting2/branches/2.x/src/etc/remoting.security.policy.core 2008-05-07 23:42:08 UTC
(rev 4137)
+++ remoting2/branches/2.x/src/etc/remoting.security.policy.core 2008-05-07 23:49:10 UTC
(rev 4138)
@@ -27,18 +27,27 @@
//**** with the permissions necessary to run the code in the org.jboss.remoting.*
//**** packages. All security sensitive calls in Remoting are wrapped in a
//**** java.security.AccessController.doPrivileged() call, so that Remoting classes
-//**** can function in the context of a java.lang.SecurityManager, given the
permissions
-//**** listed below, even if the calling code runs without these restrictions.
+//**** can function in the context of a java.lang.SecurityManager, given the some
+//**** variation on the permissionslisted below, even if the calling code runs without
+//**** these restrictions.
//****
//**** There are two ways in which it may be necessary or desirable to modify the
//**** the permissions listed below.
//****
//**** 1. It may be necessary to change the java.io.FilePermission permissions,
according
-//**** to the configuration of certain files. See the "File permissions"
section below.
+//**** to the configuration of certain files. See the "File permissions"
section below,
+//**** as well as the accompanying remoting.security.policy.tests file, which is
used
+//**** to run the Remoting test suite.
//****
-//**** 2. Some permission may be eliminated, according to which Remoting facilities are
used.
+//**** 2. If Remoting is configured to operate with one or more MBeans in place of
POJOs,
+//**** it might be necessary to grant additional MBeanPermissions. See the MBean
+//**** permissions section below, as well as the MBeanPermissions granted to the
+//**** org.jboss.test.remoting.security.*ProxyTestCase test classes in the
accompanying
+//**** remoting.security.policy.tests file, which is used to run the Remoting test
suite
//****
-//**** Other than changes made according to item 1, it should not be necessary to
grant
+//**** 3. Some permission may be eliminated, according to which Remoting facilities are
used.
+//****
+//**** Other than changes made according to items 1 and 2, it should not be necessary
to grant
//**** any additional permissions.
//****
//***************************************************
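Review bot: The rewritten header sentence in this hunk has two slips that make the security guidance harder to read: "given the some variation on the permissionslisted below" should read `given some variation on the permissions listed below`. The new item 2 also ends without a period after "test suite", and the unchanged line above item 1 still reads "to modify the the permissions". Since this header tells administrators which grants to adjust, fix the wording in the same commit.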
@@ -68,37 +77,32 @@
permission java.io.FilePermission ".", "read, write";
permission java.io.FilePermission "*", "read, write";
-
-/////////////////////////////////////////////////////////////////////////////////////////////
-// Runtime permissions
+// // Some variation of the following would be needed for SSL transports:
+// permission java.io.FilePermission "${keystore}", "read";
+// permission java.io.FilePermission "${truststore}", "read";
- // Used by remote class loading system
- permission java.lang.RuntimePermission "createClassLoader";
- permission java.lang.RuntimePermission "getClassLoader";
- // Used by:
- // org.jboss.remoting.security.SSLSocketBuilder
- // org.jboss.remoting.transport.coyote.CoyoteInvoker
- // org.jboss.remoting.transport.http.HTTPClientInvoker
- // org.jboss.remoting.transport.servlet.web.ServerInvokerServlet
- // org.jboss.remoting.transporter.TransporterHandler
- // org.jboss.remoting.InvokerRegistry
- permission java.lang.RuntimePermission "accessClassInPackage.*";
-
- // Used by org.jboss.remoting.transport.coyote.CoyoteInvoker
- permission java.lang.RuntimePermission "loadLibrary.tcnative-1";
- permission java.lang.RuntimePermission "loadLibrary.libtcnative-1";
-
-
/////////////////////////////////////////////////////////////////////////////////////////////
// MBean permissions
+// // Some variation of the following might be needed if Remoting gets an MBean in
place of an ordinary object.
+// permission javax.management.MBeanPermission "*#MBeanServer[*:*]",
"setAttribute";
+//
+// // For example, if a Connector is configured with MBean ServerInvocationHandler:
+// permission javax.management.MBeanPermission
"com.bluemonkey.ServerInvocationHandler#MBeanServer[*:*]",
"setAttribute";
+//
+// // Some variation of the following might be needed if Remoting gets an MBean in
place of an ordinary object.
+// //permission javax.management.MBeanPermission *#*[*:*]", "invoke,
registerMBean, unregisterMBean";
+//
+// // For example, if a Connector is configured with an MBean ServerSocketFactory:
+// //permission javax.management.MBeanPermission
"com.bluemonkey.ServerSocketFactory#createServerSocket[acme:type=serversocketfactory]",
"invoke";
+
permission javax.management.MBeanTrustPermission "register";
- // Used by org.jboss.remoting.callback.ServerInvokerCallbackHandler ??
getClassLoader
+ // Used by org.jboss.remoting.callback.ServerInvokerCallbackHandler
permission javax.management.MBeanPermission "*#SSLSocketBuilder[*:*]",
"getAttribute";
- permission javax.management.MBeanPermission "*#-[*:*]",
"isInstanceOf";
-
+ permission javax.management.MBeanPermission "*#-[*:*]",
"isInstanceOf";
+
// Used by org.jboss.remoting.detection.AbstractDetector
permission javax.management.MBeanPermission
"*#addServer[remoting:type=NetworkRegistry]", "invoke";
permission javax.management.MBeanPermission
"*#updateServer[remoting:type=NetworkRegistry]", "invoke";
@@ -118,16 +122,10 @@
// Used by org.jboss.remoting.network.NetworkRegistryFinder
permission javax.management.MBeanPermission "*#-[*:*]",
"queryMBeans";
- // Used by org.jboss.remoting.network.NetworkRegistryQuery // need getClassloaderFor
??
+ // Used by org.jboss.remoting.network.NetworkRegistryQuery
permission javax.management.MBeanPermission
"org.jboss.remoting.network.NetworkRegistry#-[*:*]", "isInstanceOf";
-
- // Used by org.jboss.remoting.security.CustomSSLServerSocketFactory // necessary ??
-// permission javax.management.MBeanPermission
"org.jboss.remoting.security.CustomSSLServerSocketFactory#*[*:*]",
"invoke";
-
- // Used by org.jboss.remoting.security.ServerSocketFactoryWrapper
- permission javax.management.MBeanPermission "*#createServerSocket[*:*]",
"invoke";
-
- // Used by org.jboss.remoting.transport.Connector // isInstanceOf ??
+
+ // Used by org.jboss.remoting.transport.Connector
permission javax.management.MBeanPermission
"org.jboss.remoting.transport.*#-[jboss.remoting:service=invoker,*]",
"registerMBean, unregisterMBean";
// Used by org.jboss.remoting.transport.servlet.web.ServerInvokerServlet
@@ -141,6 +139,27 @@
/////////////////////////////////////////////////////////////////////////////////////////////
+// Runtime permissions
+
+ // Used by remote class loading system
+ permission java.lang.RuntimePermission "createClassLoader";
+ permission java.lang.RuntimePermission "getClassLoader";
+
+ // Used by:
+ // org.jboss.remoting.security.SSLSocketBuilder
+ // org.jboss.remoting.transport.coyote.CoyoteInvoker
+ // org.jboss.remoting.transport.http.HTTPClientInvoker
+ // org.jboss.remoting.transport.servlet.web.ServerInvokerServlet
+ // org.jboss.remoting.transporter.TransporterHandler
+ // org.jboss.remoting.InvokerRegistry
+ permission java.lang.RuntimePermission "accessClassInPackage.*";
+
+ // Used by org.jboss.remoting.transport.coyote.CoyoteInvoker
+ permission java.lang.RuntimePermission "loadLibrary.tcnative-1";
+ permission java.lang.RuntimePermission "loadLibrary.libtcnative-1";
+
+
+/////////////////////////////////////////////////////////////////////////////////////////////
// Socket permissions. Can't create sockets without it.
permission java.net.SocketPermission "*:*",
"accept,connect,listen,resolve";
@@ -198,6 +217,8 @@
// Used by Used by org.jboss.remoting.transport.coyote.CoyoteInvoker
permission java.util.PropertyPermission "java.library.path",
"read";
+ permission java.util.PropertyPermission "org.apache.tomcat.util.*",
"read";
+ permission java.util.PropertyPermission "tomcat.util.buf.StringCache.*",
"read";
// Used by org.jboss.remoting.transport.http.HTTPClientInvoker
permission java.util.PropertyPermission "http.basic.password",
"read";
@@ -207,16 +228,11 @@
permission java.util.PropertyPermission
"org.jboss.security.ignoreHttpsHost" , "read";
// Used by org.jboss.remoting.util.SecurityUtility
-// permission java.util.PropertyPermission "java.security.manager",
"read";
permission java.util.PropertyPermission "skipAccessControl",
"read";
// Used by org.jboss.remoting.Version
permission java.util.PropertyPermission
"jboss.remoting.pre_2_0_compatible", "read";
permission java.util.PropertyPermission "jboss.remoting.version",
"read, write";
-
- // ????
- permission java.util.PropertyPermission "org.apache.tomcat.util.*",
"read";
- permission java.util.PropertyPermission "tomcat.util.buf.StringCache.*",
"read";
/////////////////////////////////////////////////////////////////////////////////////////////
@@ -237,16 +253,10 @@
// Permissions used by Logging
// [TODO - We should use a version of JBoss logging + log4j that does this stuff in
privileged blocks]
-// permission java.io.FilePermission
"${build.home}${/}src${/}etc${/}log4j.properties", "read";
-// permission java.io.FilePermission
"${build.home}${/}src${/}etc${/}log4j.xml", "read";
-// permission java.io.FilePermission
"${build.home}${/}lib${/}apache-log4j${/}lib${/}log4j.jar", "read";
-// permission java.io.FilePermission
"file:${build.home}/output/lib/jboss-remoting.jar", "read";
-
permission java.io.FilePermission
"${remoting.jar.dir}${/}jboss-remoting.jar", "read";
permission java.io.FilePermission "${log4j.jar.dir}${/}log4j.jar",
"read";
permission java.io.FilePermission
"${log4j.config.dir}${/}log4j.properties", "read";
permission java.io.FilePermission "${log4j.config.dir}${/}log4j.xml",
"read";
-// permission java.io.FilePermission
"${build.home}${/}output${/}classes${/}-", "read";
permission java.util.PropertyPermission
"org.jboss.logging.Logger.pluginClass", "read";
permission java.util.PropertyPermission "log4j.defaultInitOverride",
"read";
@@ -260,6 +270,5 @@
permission java.util.PropertyPermission "log4j.debug", "read";
permission java.util.PropertyPermission "log4j.configuration",
"read";
permission java.util.PropertyPermission "org.apache.commons.logging.*",
"read";
-// permission java.util.PropertyPermission "org.apache.commons.logging.Log",
"read";
};