[jboss-cvs] JBossAS SVN: r80691 - trunk/testsuite/src/resources/securitymgr.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Nov 7 17:00:57 EST 2008
Author: anil.saldhana at jboss.com
Date: 2008-11-07 17:00:57 -0500 (Fri, 07 Nov 2008)
New Revision: 80691
Modified:
trunk/testsuite/src/resources/securitymgr/server.policy
Log:
JBAS-4154: updated fine grained security manager policy
Modified: trunk/testsuite/src/resources/securitymgr/server.policy
===================================================================
--- trunk/testsuite/src/resources/securitymgr/server.policy 2008-11-07 21:52:19 UTC (rev 80690)
+++ trunk/testsuite/src/resources/securitymgr/server.policy 2008-11-07 22:00:57 UTC (rev 80691)
@@ -2,7 +2,9 @@
// Install with -Djava.security.policy==server.policy
// and -Djboss.home.dir=path_to_jboss_distribution
+// ***************************************
// Trusted core Java code
+//***************************************
grant codeBase "file:${java.home}/lib/ext/-" {
permission java.security.AllPermission;
};
@@ -14,40 +16,99 @@
permission java.security.AllPermission;
};
-// Trusted core Jboss code
+
+
+
+//***********************************
+// Trusted core JBoss code
+//***********************************
grant codeBase "file:${jboss.home.dir}/bin/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${jboss.home.dir}/lib/-" {
permission java.security.AllPermission;
};
-grant codeBase "vfsfile:${jboss.home.dir}/lib/-" {
+grant codeBase "file:${jboss.home.dir}/server/lib/-" {
permission java.security.AllPermission;
};
-grant codeBase "vfsfile:${jboss.server.home.dir}/lib/-" {
+grant codeBase "file:${jboss.server.home.dir}/lib/-" {
permission java.security.AllPermission;
};
-grant codeBase "vfsfile:${jboss.server.home.dir}/deploy/-" {
- permission java.security.AllPermission;
-};
grant codeBase "file:${jboss.server.home.dir}/deployers/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${jboss.server.home.dir}/work/-" {
permission java.security.AllPermission;
};
-grant codeBase "vfsfile:${jboss.server.home.dir}/work/-" {
+
+
+
+
+
+//***************************************
+// Trusted Specific JBoss Code
+//**************************************
+grant codeBase "file:${jboss.server.home.dir}/deploy/http-invoker.sar/invoker.war/-" {
+ permission javax.management.MBeanPermission "*", "addNotificationListener,getAttribute";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jmx-remoting.sar/-" {
+ permission javax.management.MBeanTrustPermission "register";
+ permission java.net.SocketPermission "*", "accept,listen,resolve";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossweb.sar/jboss-web-service.jar" {
permission java.security.AllPermission;
};
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossweb.sar/jbossweb.jar" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossweb.sar/jsf-libs/-" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/management/console-mgr.sar/-" {
+ permission javax.management.MBeanTrustPermission "register";
+ permission javax.management.MBeanPermission "*", "addNotificationListener,getAttribute";
+ permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","*";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/uuid-key-generator.sar/-" {
+ permission javax.management.MBeanTrustPermission "register";
+ permission org.jboss.naming.JndiPermission "HiLoKeyGeneratorFactory","rebind";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jms-ra.rar/jms-ra.jar" {
+ permission java.lang.RuntimePermission "setContextClassLoader";
+ permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
+};
+
+
+
+
+
+//***************************************************************
+// JBoss AS Test Suite Permissions
+//***************************************************************
+
// Permissions for the WarPermissionsUnitTestCase
grant codeBase "file:${jboss.test.deploy.dir}/securitymgr/-" {
permission java.util.PropertyPermission "*", "read";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+ permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
};
+grant codeBase "file:${jboss.test.deploy.dir}/-" {
+ permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
+};
+
+
// Minimal permissions are allowed to everyone else
grant {
+ permission java.io.FilePermission "file:${jboss.server.home.dir}/tmp/-", "read";
+ permission java.io.FilePermission "quartz.properties", "read";
permission java.util.PropertyPermission "*", "read";
permission java.lang.RuntimePermission "queuePrintJob";
permission java.net.SocketPermission "*", "connect";
More information about the jboss-cvs-commits
mailing list