[jboss-cvs] JBossAS SVN: r82011 - trunk/testsuite/src/resources/securitymgr.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Dec 3 12:17:14 EST 2008
Author: anil.saldhana at jboss.com
Date: 2008-12-03 12:17:14 -0500 (Wed, 03 Dec 2008)
New Revision: 82011
Modified:
trunk/testsuite/src/resources/securitymgr/server.policy
Log:
JBAS-4154: updated sec mgr policy (vfs as well as real url version)
Modified: trunk/testsuite/src/resources/securitymgr/server.policy
===================================================================
--- trunk/testsuite/src/resources/securitymgr/server.policy 2008-12-03 16:34:44 UTC (rev 82010)
+++ trunk/testsuite/src/resources/securitymgr/server.policy 2008-12-03 17:17:14 UTC (rev 82011)
@@ -19,9 +19,9 @@
-//***********************************
-// Trusted core JBoss code
-//***********************************
+//********************************************
+// Trusted core JBoss code (REAL URL Version)
+//********************************************
grant codeBase "file:${jboss.home.dir}/bin/-" {
permission java.security.AllPermission;
};
@@ -30,6 +30,34 @@
permission java.security.AllPermission;
};
+grant codeBase "file:${jboss.home.dir}/lib/-" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.home.dir}/common/lib/-" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.home.dir}/server/lib/-" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/-" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deployers/-" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/work/-" {
+ permission java.security.AllPermission;
+};
+
+
+//********************************************
+// Trusted core JBoss code (VFS URL Version)
+//********************************************
grant codeBase "vfszip:${jboss.home.dir}/lib/-" {
permission java.security.AllPermission;
};
@@ -42,11 +70,11 @@
permission java.security.AllPermission;
};
-grant codeBase "vfszip:${jboss.server.home.dir}/lib/-" {
+grant codeBase "file:${jboss.server.home.dir}/lib/-" {
permission java.security.AllPermission;
};
-grant codeBase "vfszip:${jboss.server.home.dir}/deployers/-" {
+grant codeBase "file:${jboss.server.home.dir}/deployers/-" {
permission java.security.AllPermission;
};
@@ -54,13 +82,86 @@
permission java.security.AllPermission;
};
-grant codeBase "vfszip:${jboss.server.home.dir}/work/-" {
+
+//*******************************************************
+// Trusted Specific JBoss Code (REAL URL Version)
+//*******************************************************
+grant codeBase "file:${jboss.server.home.dir}/deploy/http-invoker.sar/invoker.war/-" {
+ permission javax.management.MBeanPermission "*", "addNotificationListener,getAttribute";
+ permission java.lang.RuntimePermission "getClassLoader";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jmx-console.war/-" {
permission java.security.AllPermission;
};
-//***************************************
-// Trusted Specific JBoss Code
-//**************************************
+grant codeBase "file:${jboss.server.home.dir}/deploy/jmx-remoting.sar/-" {
+ permission javax.management.MBeanTrustPermission "register";
+ permission java.net.SocketPermission "*", "accept,listen,resolve";
+ permission java.lang.RuntimePermission "getClassLoader";
+};
+
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossweb.sar/jsf-libs/-" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jboss-local-jdbc.rar/-" {
+ permission java.lang.RuntimePermission "getClassLoader";
+};
+
+grant codeBase "jar:file:${jboss.server.home.dir}/deploy/jboss-local-jdbc.rar!/jboss-local-jdbc.jar" {
+ permission java.lang.RuntimePermission "getClassLoader";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/management/console-mgr.sar/-" {
+ permission javax.management.MBeanTrustPermission "register";
+ permission javax.management.MBeanPermission "*", "addNotificationListener,getAttribute";
+ permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","*";
+ permission java.io.FilePermission "<<ALL FILES>>", "read";
+ permission java.lang.RuntimePermission "getClassLoader";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/uuid-key-generator.sar/-" {
+ permission javax.management.MBeanTrustPermission "register";
+ permission javax.management.MBeanPermission "*", "getAttribute";
+ permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup,rebind,unbind";
+ permission java.lang.RuntimePermission "getClassLoader";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossweb.sar/-" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "jar:file:${jboss.server.home.dir}/deploy/jms-ra.rar!/jms-ra.jar" {
+ permission java.lang.RuntimePermission "setContextClassLoader";
+ permission java.lang.RuntimePermission "getClassLoader";
+ permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
+ permission java.io.FilePermission "${jboss.home.dir}/lib/jboss-aop.jar", "read";
+ permission javax.management.MBeanPermission "*", "getAttribute,invoke,setAttribute";
+};
+
+grant codeBase "jar:file:${jboss.server.home.dir}/deploy/jms-ra.rar/jms-ra.jar!/" {
+ permission java.lang.RuntimePermission "setContextClassLoader";
+ permission java.lang.RuntimePermission "getClassLoader";
+ permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
+ permission java.io.FilePermission "${jboss.home.dir}/lib/jboss-aop.jar", "read";
+ permission javax.management.MBeanPermission "*", "getAttribute,invoke,setAttribute";
+};
+
+grant codeBase "jar:file:${jboss.server.home.dir}/deploy/quartz-ra.rar!/quartz-ra.jar" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "jar:file:${jboss.server.home.dir}/deploy/quartz-ra.rar/quartz-ra.jar!/" {
+ permission java.security.AllPermission;
+};
+
+
+
+//*******************************************************
+// Trusted Specific JBoss Code (VFS URL Version)
+//*******************************************************
grant codeBase "vfszip:${jboss.server.home.dir}/deploy/http-invoker.sar/invoker.war/-" {
permission javax.management.MBeanPermission "*", "addNotificationListener,getAttribute";
};
@@ -149,10 +250,59 @@
};
//***************************************************************
-// JBoss AS Test Suite Permissions
+// JBoss AS Test Suite Permissions (REAL URL Version)
//***************************************************************
// Permissions for the WarPermissionsUnitTestCase
+grant codeBase "file:${jboss.test.deploy.dir}/securitymgr/-" {
+ permission java.util.PropertyPermission "*", "read";
+ permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+ permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
+};
+
+grant codeBase "file:${jboss.test.deploy.dir}/securitymgr/-" {
+ permission java.util.PropertyPermission "*", "read";
+ permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+};
+
+grant codeBase "file:${jboss.test.deploy.dir}/jbosstest-web.ear/-" {
+ permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","list,lookup";
+ permission org.jboss.naming.JndiPermission "env","list";
+ permission java.io.FilePermission "<<ALL FILES>>", "read";
+ permission java.lang.RuntimePermission "getClassLoader";
+ permission java.lang.RuntimePermission "getProtectionDomain";
+};
+
+grant codeBase "jar:file:${jboss.test.deploy.dir}/jbosstest-web.ear!/jbosstest-web.war" {
+ permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","list,lookup";
+ permission org.jboss.naming.JndiPermission "env","list";
+ permission java.io.FilePermission "<<ALL FILES>>", "read";
+ permission java.lang.RuntimePermission "getClassLoader";
+ permission java.lang.RuntimePermission "getProtectionDomain";
+};
+grant codeBase "jar:file:${jboss.test.deploy.dir}/jbosstest-web.ear!/lib/util.jar" {
+ permission java.lang.RuntimePermission "getClassLoader";
+ permission java.lang.RuntimePermission "getProtectionDomain";
+};
+
+
+grant codeBase "file:${jboss.test.deploy.dir}/-" {
+ permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","listBindings,lookup";
+};
+
+grant codeBase "file:${jboss.test.deploy.dir}/class-loading.war/WEB-INF/classes/" {
+ permission java.lang.RuntimePermission "getClassLoader";
+ permission java.lang.RuntimePermission "getProtectionDomain";
+ permission javax.management.MBeanPermission "*", "getMBeanInfo";
+};
+
+
+
+//***************************************************************
+// JBoss AS Test Suite Permissions (VFS URL Version)
+//***************************************************************
+
+// Permissions for the WarPermissionsUnitTestCase
grant codeBase "vfszip:${jboss.test.deploy.dir}/securitymgr/-" {
permission java.util.PropertyPermission "*", "read";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
More information about the jboss-cvs-commits
mailing list