Author: ron.sigal(a)jboss.com
Date: 2008-05-07 19:52:09 -0400 (Wed, 07 May 2008)
New Revision: 4140
Modified:
remoting2/branches/2.x/src/etc/remoting.security.policy.tests.minimal
Log:
JBREM-920, JBREM-977: Added permissions (1) to read keystores and (2) read some system
properties.
Modified: remoting2/branches/2.x/src/etc/remoting.security.policy.tests.minimal
===================================================================
--- remoting2/branches/2.x/src/etc/remoting.security.policy.tests.minimal 2008-05-07
23:50:33 UTC (rev 4139)
+++ remoting2/branches/2.x/src/etc/remoting.security.policy.tests.minimal 2008-05-07
23:52:09 UTC (rev 4140)
@@ -22,12 +22,43 @@
//****************************************************************************************************************************************************************
//****************************************************************************************************************************************************************
//******************************************************************
+//**** Minimal set of permissions for Remoting classes ****
+//******************************************************************
+//******************************************************************
+
+grant codeBase "file:${remoting.jar.dir}/jboss-remoting.jar"
+{
+ // Permissions to read test keystores and truststores
+ permission java.io.FilePermission
"${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}bisocket${/}ssl${/}.keystore",
"read";
+ permission java.io.FilePermission
"${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}bisocket${/}ssl${/}.truststore",
"read";
+ permission java.io.FilePermission
"${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}rmi${/}ssl${/}.keystore",
"read";
+ permission java.io.FilePermission
"${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}rmi${/}ssl${/}.truststore",
"read";
+ permission java.io.FilePermission
"${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}socket${/}ssl${/}.keystore",
"read";
+ permission java.io.FilePermission
"${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}socket${/}ssl${/}.truststore",
"read";
+
+ };
+
+//****************************************************************************************************************************************************************
+//****************************************************************************************************************************************************************
+//******************************************************************
//**** Minimal set of permissions for tests ****
//******************************************************************
//******************************************************************
grant codeBase "file:${build.home}/output/tests/classes/-"
-{
+{
+ // Permissions to read test keystores and truststores
+ permission java.io.FilePermission
"${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}bisocket${/}ssl${/}.keystore",
"read";
+ permission java.io.FilePermission
"${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}bisocket${/}ssl${/}.truststore",
"read";
+ permission java.io.FilePermission
"${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}rmi${/}ssl${/}.keystore",
"read";
+ permission java.io.FilePermission
"${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}rmi${/}ssl${/}.truststore",
"read";
+ permission java.io.FilePermission
"${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}socket${/}ssl${/}.keystore",
"read";
+ permission java.io.FilePermission
"${build.home}${/}output${/}tests${/}classes${/}org${/}jboss${/}test${/}remoting${/}transport${/}socket${/}ssl${/}.truststore",
"read";
+
+ permission javax.management.MBeanServerPermission "createMBeanServer";
+ permission java.util.PropertyPermission "jrunit.bind_addr",
"read";
+ permission java.net.SocketPermission "*:*", "accept,resolve";
+
// org.jboss.test.remoting.transport.InvokerTestDriver
permission java.util.PropertyPermission "remoting.metadata",
"read";
permission java.util.PropertyPermission "jvm.mx", "read";
@@ -36,6 +67,12 @@
permission java.net.SocketPermission "*:*", "connect";
permission java.util.PropertyPermission "jboss-junit-configuration",
"read";
+ // org.jboss.test.remoting.transport.InvokerClientTest
+ permission java.util.PropertyPermission "remoting.metadata.callback",
"read";
+
+ // org.jboss.test.remoting.transport.web.WebInvokerTestClient
+ permission java.util.PropertyPermission "check_content_type",
"read";
+
/////////////////////////////////////////////////////////////////////////////////////////////
// TODO - We should use a version of JBoss logging + log4j that does this stuff in
privileged blocks
Show replies by date