[jboss-cvs] JBossAS SVN: r82175 - projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Dec 9 21:57:58 EST 2008
Author: Darrin
Date: 2008-12-09 21:57:58 -0500 (Tue, 09 Dec 2008)
New Revision: 82175
Modified:
projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Requirements_for_the_Evaluated_Configuration.xml
Log:
JBOSSCC-31
Modified: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Requirements_for_the_Evaluated_Configuration.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Requirements_for_the_Evaluated_Configuration.xml 2008-12-10 02:56:27 UTC (rev 82174)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Requirements_for_the_Evaluated_Configuration.xml 2008-12-10 02:57:58 UTC (rev 82175)
@@ -198,8 +198,9 @@
</listitem>
<listitem>
- <para>Disable Remote Method Invocation (RMI) under the Internet Inter-ORB
- Protocol (IIOP).</para>
+ <para>
+ Disable Remote Method Invocation (RMI) under the Internet Inter-ORB Protocol (IIOP)
+ </para>
</listitem>
<listitem>
@@ -278,16 +279,16 @@
<itemizedlist>
<listitem>
- <para>org.jboss.security.auth.spi.UsersRolesLoginModule</para>
+ <para><classname>org.jboss.security.auth.spi.UsersRolesLoginModule</classname></para>
</listitem>
<listitem>
- <para>org.jboss.security.auth.spi.LdapLoginModule</para>
+ <para><classname>org.jboss.security.auth.spi.LdapLoginModule</classname></para>
</listitem>
<listitem>
- <para>org.jboss.security.auth.spi.DatabaseServerLoginModule</para>
+ <para><classname>org.jboss.security.auth.spi.DatabaseServerLoginModule</classname></para>
</listitem>
<listitem>
- <para>org.jboss.security.auth.spi.BaseCertLoginModule</para>
+ <para><classname>org.jboss.security.auth.spi.BaseCertLoginModule</classname></para>
</listitem>
</itemizedlist>
@@ -299,10 +300,10 @@
<itemizedlist>
<listitem>
- <para>org.jboss.security.plugins.JaasSecurityManager </para>
+ <para><classname>org.jboss.security.plugins.JaasSecurityManager</classname></para>
</listitem>
<listitem>
- <para>org.jboss.security.plugins.JaasSecurityDomain </para>
+ <para><classname>org.jboss.security.plugins.JaasSecurityDomain</classname></para>
</listitem>
</itemizedlist>
@@ -432,53 +433,95 @@
<ulink url="http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp03/html-single/Server_Configuration_Guide/index.html#alternative_DBs"></ulink>.</para>
</section>
- <section id="Common_Criteria_Guide-Developer_Guidelines-java_security_permissions">
- <title>Guidance on Configuring Java Security Permissions</title>
- <para>The system administrator for the operation of the certified system is expected
- to configure the security permissions for all enterprise applications that are deployed
- on the certified system, when the certified system runs in the security manager enabled
- mode.</para>
+ <section id="Common_Criteria_Guide-Developer_Guidelines-java_security_permissions">
+ <title>Guidance on Configuring Java Security Permissions</title>
+ <para>
+ The system administrator for the operation of the certified system is expected to
+ configure the security permissions for all enterprise applications that are deployed
+ on the certified system, when the certified system runs in the security manager
+ enabled mode.
+ </para>
- <note><para>This configuration is only necessary when running JBoss EAP with
- the Java Security Manager enabled. Refer to <xref linkend="enabling_JSM" /> for more
- details.</para></note>
+ <note>
+ <para>This configuration is only necessary when running JBoss EAP with the
+ Java Security Manager enabled. Refer to <xref linkend="enabling_JSM" /> for
+ more details.</para>
+ </note>
- <para>Please refer to the url
- <ulink url="http://java.sun.com/j2se/1.5.0/docs/guide/security/permissions.html">http://java.sun.com/j2se/1.5.0/docs/guide/security/permissions.html</ulink>
- for information on configuring permissions in the JDK.</para>
+ <para>
+ Please refer to the Java documentation for information on configuring permissions
+ in the JDK:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>Java 1.5: <ulink url="http://java.sun.com/j2se/1.5.0/docs/guide/security/permissions.html">http://java.sun.com/j2se/1.5.0/docs/guide/security/permissions.html</ulink></para>
+ </listitem>
+ <listitem>
+ <para>Java 1.6: <ulink url="http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html">http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html</ulink></para>
+ </listitem>
+ </itemizedlist>
- <para>A single entry in the Java Security Manager policy that is shipped with the
- certified system follows the standard Java Standard Edition model. More information
- is provided at
- <ulink url="http://java.sun.com/j2se/1.5.0/docs/guide/security/PolicyFiles.html">http://java.sun.com/j2se/1.5.0/docs/guide/security/PolicyFiles.html</ulink>.</para>
+ <para>
+ A single entry in the Java Security Manager policy that is shipped with the
+ certified system follows the standard Java Standard Edition model. More information
+ is provided in the Java documentaion:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>Java 1.5: <ulink url="http://java.sun.com/j2se/1.5.0/docs/guide/security/PolicyFiles.html">http://java.sun.com/j2se/1.5.0/docs/guide/security/PolicyFiles.html</ulink></para>
+ </listitem>
+ <listitem>
+ <para>Java 1.6: <ulink url="http://java.sun.com/javase/6/docs/technotes/guides/security/PolicyFiles.html">http://java.sun.com/javase/6/docs/technotes/guides/security/PolicyFiles.html</ulink></para>
+ </listitem>
+ </itemizedlist>
- <para>An example would be the following:</para>
- <programlisting language="java"><xi:include href="extras/dev_guidelines_1.policy" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include></programlisting>
-
- <para>This is defined by the certified system by default to provide all permissions
- to the jmx console web application shipping in the deploy directory.</para>
+ <para>An example would be the following:</para>
+ <programlisting language="java"><xi:include href="extras/dev_guidelines_1.policy" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include></programlisting>
- <para>So if the administrator needs to provide permissions to an enterprise application
- called as <filename>TestDeployment.ear</filename> in the deploy directory of the certified
- system, then an example entry would be the following:</para>
- <programlisting language="java"><xi:include href="extras/dev_guidelines_2.policy" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include></programlisting>
+ <para>
+ This is defined by the certified system by default to provide all permissions to the jmx
+ console web application shipping in the deploy directory.
+ </para>
- <para>This entry provides the enterprise application called as <filename>TestDeployment.ear</filename>
- to read Java properties as well as the ability to create JAAS login context and obtain JAAS
- login configuration.</para>
+ <para>
+ So if the administrator needs to provide permissions to an enterprise application called
+ as <filename>TestDeployment.ear</filename> in the deploy directory of the certified
+ system, then an example entry would be the following:
+ </para>
+ <programlisting language="java"><xi:include href="extras/dev_guidelines_2.policy" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include></programlisting>
- <para>The certified system in the security manager enabled mode is a locked down system
- that forces the system administrator to configure the necessary security permissions for
- the operation of the user applications on the certified system.</para>
-
- <para>Any interaction with the JBoss JMX Kernel (which is the standard Java JDK MbeanServer)
- will require the appropriate <classname>javax.management.MBeanPermission</classname> as
- specified in the Java JDK MbeanServer interface
- (<ulink url="http://java.sun.com/j2se/1.5.0/docs/api/javax/management/MBeanServer.html">http://java.sun.com/j2se/1.5.0/docs/api/javax/management/MBeanServer.html</ulink>).</para>
+ <para>
+ This entry provides the enterprise application called as <filename>TestDeployment.ear</filename>
+ to read Java properties as well as the ability to create JAAS login context and obtain JAAS
+ login configuration.
+ </para>
- <para>We strongly recommend administrators to NOT assign a <property>java.security.AllPermission</property>
- to any of the user applications.</para>
- </section>
+ <para>
+ The certified system in the security manager enabled mode is a locked down system
+ that forces the system administrator to configure the necessary security permissions for
+ the operation of the user applications on the certified system.
+ </para>
+
+ <para>
+ Any interaction with the JBoss JMX Kernel (which is the standard Java JDK MbeanServer)
+ will require the appropriate <classname>javax.management.MBeanPermission</classname> as
+ specified in the Java JDK MbeanServer interface:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Java 1.5: <ulink url="http://java.sun.com/j2se/1.5.0/docs/api/javax/management/MBeanServer.html">http://java.sun.com/j2se/1.5.0/docs/api/javax/management/MBeanServer.html</ulink></para>
+ </listitem>
+ <listitem>
+ <para>Java 1.6: <ulink url="http://java.sun.com/javase/6/docs/api/javax/management/MBeanServer.html">http://java.sun.com/javase/6/docs/api/javax/management/MBeanServer.html</ulink></para>
+ </listitem>
+ </itemizedlist>
+
+ <para>
+ We strongly recommend administrators to NOT assign a <property>java.security.AllPermission</property>
+ to any of the user applications.
+ </para>
+
+ </section>
</section>
</chapter>
More information about the jboss-cvs-commits
mailing list