[jboss-cvs] JBossAS SVN: r82060 - branches/JBPAPP_4_2_0_GA_CP/system/src/bin.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Dec 4 19:19:24 EST 2008
Author: pskopek at redhat.com
Date: 2008-12-04 19:19:23 -0500 (Thu, 04 Dec 2008)
New Revision: 82060
Modified:
branches/JBPAPP_4_2_0_GA_CP/system/src/bin/security_cc.policy
Log:
JBOSSCC-30: Better comments on sections for security policy. No functional changes.
Modified: branches/JBPAPP_4_2_0_GA_CP/system/src/bin/security_cc.policy
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/system/src/bin/security_cc.policy 2008-12-04 22:00:17 UTC (rev 82059)
+++ branches/JBPAPP_4_2_0_GA_CP/system/src/bin/security_cc.policy 2008-12-05 00:19:23 UTC (rev 82060)
@@ -3,7 +3,14 @@
// Author: Anil Saldhana
//**********************************************************************
-// JBOSS code with codebase references in time of JBOSS startup
+//**********************************************************
+//
+// Section 1: JBOSS code with codebase references in time
+// of JBOSS startup
+// (Permissions are given fully)
+// Do not modify this section.
+//
+//**********************************************************
grant codeBase "file:${user.dir}/run.jar" {
permission java.security.AllPermission;
};
@@ -16,13 +23,16 @@
permission java.security.AllPermission;
};
+//******************* End of Section 1 **********************
+
//**********************************************************
//
-// Section 1: Java JDK Core Code
+// Section 2: Java JDK Core Code
+// Trusted core Java code
// (Permissions are given fully)
+// Do not modify this section.
//
-//*********************************************************
-// Trusted core Java code
+//**********************************************************
grant codeBase "file:${java.home}/lib/ext/-" {
permission java.security.AllPermission;
};
@@ -34,17 +44,17 @@
permission java.security.AllPermission;
};
-//*******************End JDK Core**************************
+//******************* End of Section 2 **********************
-
-//*********************************************************
+//**********************************************************
//
-// Section 2: Permissions assigned to JBoss Core Codebase
+// Section 3: Permissions assigned to JBoss Core Codebase
+// Trusted JBoss code
//
-//*********************************************************
-
-// Trusted core JBoss code
+// Do not modify this section.
+//
+//**********************************************************
grant codeBase "file:${jboss.home.dir}/bin/-" {
permission java.security.AllPermission;
};
@@ -559,18 +569,25 @@
permission org.jboss.naming.JndiPermission "JAXR", "bind,rebind,unbind,lookup,list,listBindings,createSubcontext";
};
-//**************************************************************
+//******************* End of Section 3 **********************
+
+//**********************************************************
//
-// Section 3: JBoss EAP Testsuite Permissions
-//
-//**************************************************************
+// Section 4: JBoss EAP Testsuite Permissions
+//
+// This section is just for test suite purpose and can
+// safely removed.
+// General recomendation: This section should be deleted or
+// commented out in production.
+//**********************************************************
+// Testing configuration lib directory permissions
grant codeBase "file:${user.dir}/../server/cc/lib/-" {
permission java.security.AllPermission;
};
// Permissions for the WarPermissionsUnitTestCase
-//Permissions for crypto tests (putProvider)
+// Permissions for crypto tests (putProvider)
grant codeBase "file:${jboss.test.deploy.dir}/-" {
permission java.util.PropertyPermission "*", "read";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
@@ -579,7 +596,7 @@
};
// Following JDBC driver is included just for CC test purpose.
-// Uncomment this when testing agains Oracle DB or create your own for DB you are using.
+// When you test with different JDBC driver than Oracle DB you have to create your own entries.
grant codeBase "file:${jboss.server.home.dir}/lib/ojdbc14.jar" {
permission java.net.SocketPermission "dev68.qa.atl2.redhat.com:1521", "connect";
@@ -601,15 +618,28 @@
};
-//*******************End JBoss EAP Testsuite Permissions*********
+//******************* End of Section 4 **********************
//**************************************************************
//
-// Section 4: User Applications Permissions
+// Section 5: User Applications Permissions
//
+// This sections is for user application permissions.
+// Can be modified with care and attention to previously
+// entered permissions.
//**************************************************************
+
+// Following lines are here as template for creating JDBC driver permissions entry
+// specific for your database. If using Oracle, one can copy JDBC driver permissions
+// from Section 4.
+//grant codeBase "file:${jboss.server.home.dir}/lib/<your JDBC driver>.jar" {
+// <grant necessary permissions>
+//};
+
// Minimal permissions are allowed to everyone else
grant {
permission java.lang.RuntimePermission "queuePrintJob";
};
+
+//******************* End of Section 5 **********************
More information about the jboss-cvs-commits
mailing list