Author: ron.sigal(a)jboss.com
Date: 2008-04-02 20:26:34 -0400 (Wed, 02 Apr 2008)
New Revision: 3880
Modified:
remoting2/branches/2.x/test.policy
Log:
JBREM-934: Reorganized.
Modified: remoting2/branches/2.x/test.policy
===================================================================
--- remoting2/branches/2.x/test.policy 2008-04-02 21:38:33 UTC (rev 3879)
+++ remoting2/branches/2.x/test.policy 2008-04-03 00:26:34 UTC (rev 3880)
@@ -1,6 +1,9 @@
-//***************************************************
+//****************************************************************************************************************************************************************
+//****************************************************************************************************************************************************************
+//***************************************************
//**** Permissions to run Remoting itself ****
//***************************************************
+//***************************************************
grant codeBase "file:${build.home}/output/classes/-"
{
/////////////////////////////////////////////////////////////////////////////////////////////
@@ -10,68 +13,67 @@
permission java.lang.RuntimePermission "getClassLoader";
/////////////////////////////////////////////////////////////////////////////////////////////
+// Used by:
+// org.jboss.remoting.security.SSLSOcketBuilder
+// org.jboss.remoting.transport.coyote.CoyoteInvoker
+// org.jboss.remoting.transport.http.HTTPClientInvoker
+// org.jboss.remoting.transport.servlet.web.ServerInvokerServlet
+// org.jboss.remoting.transporter.TransporterHandler
+// org.jboss.remoting.InvokerRegistry
+
+ permission java.lang.RuntimePermission "accessClassInPackage.*";
+
+/////////////////////////////////////////////////////////////////////////////////////////////
// Can't create sockets without it
permission java.net.SocketPermission "*:*",
"accept,connect,listen,resolve";
/////////////////////////////////////////////////////////////////////////////////////////////
-// HTTP client invokers use Class.getMethod()
-
- permission java.lang.RuntimePermission
"accessClassInPackage.sun.net.www.protocol.https";
- permission java.lang.RuntimePermission
"accessClassInPackage.sun.net.www.protocol.http";
-
-/////////////////////////////////////////////////////////////////////////////////////////////
// MBean permissions
permission javax.management.MBeanServerPermission "createMBeanServer,
releaseMBeanServer";
permission javax.management.MBeanTrustPermission "register";
+
+ // org.jboss.remoting.callback.ServerInvokerCallbackHandler
+ permission javax.management.MBeanPermission "*#SSLSocketBuilder[*:*]",
"getAttribute";
+ permission javax.management.MBeanPermission
"org.jboss.remoting.security.SSLServerSocketFactoryServiceMBean#-[*:*]",
"isInstanceOf";
+ permission javax.management.MBeanPermission
"org.jboss.remoting.security.SSLServerSocketFactoryService#-[*:*]",
"getClassLoaderFor, isInstanceOf";
+
+ // org.jboss.remoting.detection.AbstractDetector
+ permission javax.management.MBeanPermission
"*#addServer[remoting:type=NetworkRegistry]", "invoke";
+ permission javax.management.MBeanPermission
"*#updateServer[remoting:type=NetworkRegistry]", "invoke";
+ permission javax.management.MBeanPermission
"*#removeServer[remoting:type=NetworkRegistry]", "invoke";
+ permission javax.management.MBeanPermission "*#Servers[*:*]",
"getAttribute";
+ // org.jboss.remoting.detection.util.DetectorUtil
+ permission javax.management.MBeanPermission
"org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]",
"registerMBean";
+ permission javax.management.MBeanPermission
"org.jboss.remoting.transport.Connector#-[jboss.remoting:type=Connector,*]",
"registerMBean, queryMBeans, isInstanceOf";
+
// org.jboss.remoting.ident.Identity
permission javax.management.MBeanPermission
"javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]",
"queryMBeans, isInstanceOf";
permission javax.management.MBeanPermission
"javax.management.MBeanServerDelegate#MBeanServerId[JMImplementation:type=MBeanServerDelegate]",
"getAttribute";
permission javax.management.MBeanPermission
"-#ServerDataDir[jboss.system:type=ServerConfig]", "getAttribute";
- // org.jboss.remoting.callback.ServerInvokerCallbackHandler
- permission javax.management.MBeanPermission "*#SSLSocketBuilder[*:*]",
"getAttribute";
- permission javax.management.MBeanPermission
"org.jboss.remoting.security.SSLServerSocketFactoryServiceMBean#-[*:*]",
"isInstanceOf";
- permission javax.management.MBeanPermission
"org.jboss.remoting.security.SSLServerSocketFactoryService#-[*:*]",
"getClassLoaderFor";
-
// org.jboss.remoting.network.NetworkRegistryFinder
permission javax.management.MBeanPermission "*#-[*:*]",
"queryMBeans";
- // jboss.remoting.network.NetworkRegistryQuery
+ // org.jboss.remoting.network.NetworkRegistryQuery
permission javax.management.MBeanPermission "NetworkRegistryMBean#-[*:*]",
"isInstanceOf";
+
+ // org.jboss.remoting.security.CustomSSLServerSocketFactory
+ permission javax.management.MBeanPermission
"org.jboss.remoting.security.CustomSSLServerSocketFactory#*[*:*]",
"invoke";
- // org.jboss.remoting.detection.AbstractDetector
-// permission javax.management.MBeanPermission "*#*[*:*]",
"invoke";
- permission javax.management.MBeanPermission
"*#addServer[remoting:type=NetworkRegistry]", "invoke";
- permission javax.management.MBeanPermission
"*#updateServer[remoting:type=NetworkRegistry]", "invoke";
- permission javax.management.MBeanPermission
"*#removeServer[remoting:type=NetworkRegistry]", "invoke";
- permission javax.management.MBeanPermission "*#Servers[*:*]",
"getAttribute";
-
+ // org.jboss.remoting.security.ServerSocketFactoryWrapper
+ permission javax.management.MBeanPermission "*#createServerSocket[*:*]",
"invoke";
+
// org.jboss.remoting.transport.Connector
permission javax.management.MBeanPermission
"org.jboss.remoting.transport.*#-[jboss.remoting:service=invoker,*]",
"unregisterMBean, registerMBean, queryMBeans, isInstanceOf";
- // org.jboss.remoting.detection.util.DetectorUtil and
org.jboss.remoting.transporter.InternalTransporterServices
+ // org.jboss.remoting.transporter.InternalTransporterServices
permission javax.management.MBeanPermission
"org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]",
"registerMBean";
+
+// permission javax.management.MBeanPermission "*#-[*:*]",
"isInstanceOf, registerMBean";
- // org.jboss.remoting.detection.util.DetectorUtil
- permission javax.management.MBeanPermission
"org.jboss.remoting.transport.Connector#-[jboss.remoting:type=Connector,*]",
"registerMBean, queryMBeans, isInstanceOf";
-
-// permission javax.management.MBeanPermission
"org.jboss.remoting.detection.multicast.MulticastDetector#-[remoting:type=JNDIDetector]",
"queryMBeans, isInstanceOf";
-// permission javax.management.MBeanPermission
"org.jboss.remoting.detection.multicast.MulticastDetector#-[remoting:type=MulticastDetector]",
"queryMBeans, isInstanceOf, unregisterMBean";
-// permission javax.management.MBeanPermission
"org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]",
"queryMBeans, isInstanceOf";
-
-// permission javax.management.MBeanPermission
"org.jboss.remoting.security.SSLServerSocketFactoryService#-[*:*]",
"isInstanceOf";
-
- // org.jboss.remoting.security.CustomSSLServerSocketFactory
- permission javax.management.MBeanPermission
"org.jboss.remoting.security.CustomSSLServerSocketFactory#*[*:*]",
"invoke";
-
-
- permission javax.management.MBeanPermission
"org.jboss.*#createServerSocket[*:*]", "invoke";
- permission javax.management.MBeanPermission "*#-[*:*]", "isInstanceOf,
registerMBean";
-
-
// TODO: Figure out why these aren't covered by the AllPermission entries below
// permission javax.management.MBeanPermission
"org.jboss.test.remoting.detection.metadata.MetadataTestCase$TestNetworkRegistry#-[remoting:type=NetworkRegistry]",
"unregisterMBean, registerMBean, queryMBeans, isInstanceOf";
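Review bot: The added `accessClassInPackage.*` grant under "Used by:" lets every class under `output/classes` reach any package restricted through `package.access`, where the old policy named only `sun.net.www.protocol.https`, `sun.net.www.protocol.http` and (removed in a later hunk) `sun.beans.editors`. A policy used to test Remoting under a security manager should stay as narrow as the code needs, otherwise the test suite stops catching missing privileged blocks. I would keep one explicit entry per package, e.g. `permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.protocol.https";`, and add further packages only when one of the six listed classes is shown to need them. The same hunk also loosens `org.jboss.*#createServerSocket[*:*]` to `*#createServerSocket[*:*]`, which permits invoking that operation on an MBean of any class; if ServerSocketFactoryWrapper needs a non-JBoss factory, name that class instead. The enclosing grant block starts and ends outside this hunk.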
@@ -111,13 +113,6 @@
permission java.util.PropertyPermission "tomcat.util.buf.StringCache.*",
"read";
/////////////////////////////////////////////////////////////////////////////////////////////
-// Tomcat native - TODO - this should be in a privileged block in jbossnative
-
- permission java.lang.RuntimePermission "loadLibrary.tcnative-1";
- permission java.lang.RuntimePermission "loadLibrary.libtcnative-1";
- permission java.util.PropertyPermission "java.library.path",
"read";
-
-/////////////////////////////////////////////////////////////////////////////////////////////
// File permissions
permission java.io.FilePermission "${build.home}", "read";
@@ -128,12 +123,13 @@
// Permission for org.jboss.remoting.ident.Identity to create and read
"jboss.identity" file. Could be extended.
permission java.io.FilePermission "-", "read, write";
-
+
/////////////////////////////////////////////////////////////////////////////////////////////
-// Used by org.jboss.util.propertyeditor.PropertyEditors.mapJavaBeanProperties(), though
still a Remoting permission I think
+// Tomcat native - TODO - this should be in a privileged block in jbossnative
- permission java.lang.RuntimePermission
"accessClassInPackage.sun.beans.editors";
- permission java.lang.RuntimePermission
"accessClassInPackage.sun.net.www.protocol.http";
+ permission java.lang.RuntimePermission "loadLibrary.tcnative-1";
+ permission java.lang.RuntimePermission "loadLibrary.libtcnative-1";
+ permission java.util.PropertyPermission "java.library.path",
"read";
/////////////////////////////////////////////////////////////////////////////////////////////
// TODO - JBoss Serialization SHOULD be doing these operations in a privileged block -
JBSER-105
@@ -171,20 +167,31 @@
};
+//****************************************************************************************************************************************************************
+//****************************************************************************************************************************************************************
//******************************************************************
//**** Permissions for third party libraries ****
+//******************************************************************
//******************************************************************
grant codeBase "file:${build.home}/lib/-"
{
permission java.security.AllPermission;
};
+grant codeBase "file:${ant.library.dir}/-" {
+ permission java.security.AllPermission;
+};
+
//grant codeBase "file:${build.home}/src/etc/-" {
// permission java.security.AllPermission;
//};
+
+//****************************************************************************************************************************************************************
+//****************************************************************************************************************************************************************
//******************************************************************
//**** Permissions needed by Remoting to run the test suite ****
+//******************************************************************
//******************************************************************
grant codeBase "file:${build.home}/output/classes/-"
{
@@ -192,9 +199,13 @@
permission java.io.FilePermission "${build.home}/output/tests/classes/-",
"read";
};
+
+//****************************************************************************************************************************************************************
+//****************************************************************************************************************************************************************
//***************************************************
//**** Permissions used by the test suite ****
//***************************************************
+//***************************************************
grant codeBase "file:${build.home}/output/tests/classes/-"
{
// Used by the test suite itself
@@ -207,7 +218,6 @@
permission javax.management.MBeanPermission
"org.jboss.remoting.transport.Connector#-[test:type=connector]",
"registerMBean";
permission javax.management.MBeanPermission
"org.jboss.test.remoting.detection.metadata.MetadataTestCase$TestNetworkRegistry#-[remoting:type=NetworkRegistry]",
"registerMBean, unregisterMBean, queryMBeans, isInstanceOf,
addNotificationListener";
permission javax.management.MBeanPermission
"org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]",
"registerMBean, unregisterMBean, queryMBeans, isInstanceOf,
addNotificationListener";
-// permission javax.management.MBeanPermission
"org.jboss.remoting.detection.multicast.MulticastDetector#-[remoting:type=JNDIDetector]",
"registerMBean, queryMBeans, isInstanceOf";
permission javax.management.MBeanPermission
"org.jboss.remoting.detection.multicast.MulticastDetector#-[remoting:*]",
"registerMBean, unregisterMBean, queryMBeans, isInstanceOf";
permission javax.management.MBeanPermission
"org.jboss.remoting.security.SSLServerSocketFactoryService#-[jboss:type=serversocketfactory]",
"registerMBean, queryMBeans, isInstanceOf";
permission javax.management.MBeanPermission
"org.jboss.test.remoting.transport.config.FactoryConfigTestCaseParent$SelfIdentifyingServerSocketFactory#-[jboss:type=serversocketfactory]",
"registerMBean, queryMBeans, isInstanceOf";
@@ -247,11 +257,8 @@
// permission java.security.AllPermission;
};
-grant codeBase "file:${ant.library.dir}/-" {
- permission java.security.AllPermission;
-};
grant
{
- permission java.security.SecurityPermission "getProperty.*";
+// permission java.security.SecurityPermission "getProperty.*";
};
\ No newline at end of file
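Review bot: Commenting out `getProperty.*` leaves an empty unconditional `grant { }` block holding a dead line with no explanation, and commented-out policy entries tend to be re-enabled later without review. Either delete the block or state the reason above the line, for example `// Disabled: no code outside the codeBase grants needs Security.getProperty()`, if that is indeed why it was dropped. The same applies to the commented-out `*#-[*:*]` "isInstanceOf, registerMBean" entry kept in the Remoting grant earlier in this diff.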