[jboss-cvs] JBossAS SVN: r79171 - branches/JBPAPP_4_2_0_GA_CP/system/src/bin.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Mon Oct 6 17:29:14 EDT 2008


Author: pskopek at redhat.com
Date: 2008-10-06 17:29:14 -0400 (Mon, 06 Oct 2008)
New Revision: 79171

Modified:
   branches/JBPAPP_4_2_0_GA_CP/system/src/bin/security_cc.policy
Log:
JBPAPP-1056 Identify and implement configuration changes need for CC
- changed security policy to grant permissions to individual jar, sar, war files to leave a place for users to include their application archives and grant their own permissions.

Modified: branches/JBPAPP_4_2_0_GA_CP/system/src/bin/security_cc.policy
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/system/src/bin/security_cc.policy	2008-10-06 21:22:22 UTC (rev 79170)
+++ branches/JBPAPP_4_2_0_GA_CP/system/src/bin/security_cc.policy	2008-10-06 21:29:14 UTC (rev 79171)
@@ -3,6 +3,7 @@
 // Author: Anil Saldhana 
 //**********************************************************************
 
+// JBOSS code with codebase references in time of JBOSS startup
 grant codeBase "file:${user.dir}/run.jar" {
   permission java.security.AllPermission;
 };
@@ -56,11 +57,446 @@
 grant codeBase "file:${jboss.server.home.dir}/work/-" {
    permission java.security.AllPermission;
 };
-grant codeBase "file:${jboss.server.home.dir}/lib/-" {
+
+grant codeBase "file:${jboss.server.home.dir}/lib/activation.jar" {
    permission java.security.AllPermission;
 };
 
-grant codeBase "file:${jboss.server.home.dir}/-" {
+grant codeBase "file:${jboss.server.home.dir}/lib/antlr.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/asm-attrs.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/asm.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/autonumber-plugin.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/avalon-framework.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/bcel.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/bindingservice-plugin.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/bsf.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/bsh-deployer.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/bsh.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/cglib.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/commons-codec.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/commons-collections.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/commons-httpclient.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/commons-logging.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/dom4j.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/ejb3-persistence.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/el-api.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/hibernate3.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/hibernate-annotations.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/hibernate-commons-annotations.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/hibernate-entitymanager.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/hibernate-validator.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/hsqldb.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/hsqldb-plugin.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jacorb.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/javassist.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jaxen.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-cache-jdk50.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-common-jdbc-wrapper.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-ejb3x.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jbossha.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-hibernate.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-iiop.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-j2ee.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-jaxrpc.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-jaxws.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-jca.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-jsr77.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-jsr88.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jbossjta-integration.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jbossjta.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-management.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-messaging-client.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-messaging.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-monitoring.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-remoting-int.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-remoting.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-saaj.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-serialization.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-srp.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jbosssx.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-transaction.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jbossts-common.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jboss-vfs.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jbossws-common.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jbossws-framework.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jbossws-jboss42.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jbossws-spi.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jgroups.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jmx-adaptor-plugin.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jnpserver.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/joesnmp.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/jsp-api.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/log4j.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/log4j-snmp-appender.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/mail.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/mail-plugin.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/properties-plugin.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/quartz-all.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/scheduler-plugin-example.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/scheduler-plugin.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/servlet-api.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/lib/xmlentitymgr.jar" {
+   permission java.security.AllPermission;
+};
+
+// DEPLOY DIR
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jboss-ha-local-jdbc.rar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jboss-ha-xa-jdbc.rar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jboss-local-jdbc.rar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jboss-xa-jdbc.rar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jms-ra.rar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/quartz-ra.rar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/httpha-invoker.sar/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jboss-web-cluster.sar/jboss-web-cluster.aop" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossws.sar/jaxb-api.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossws.sar/jaxb-impl.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossws.sar/jboss-jaxb-intros.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossws.sar/jboss-jaxrpc.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossws.sar/jboss-jaxws.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossws.sar/jboss-saaj.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossws.sar/jbossws-core.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossws.sar/jbossws-native.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossws.sar/policy.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossws.sar/stax-api.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossws.sar/wsdl4j.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossws.sar/wstx.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossws.sar/xmlsec.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/juddi-service.sar/juddi.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/juddi-service.sar/juddi-saaj.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/juddi-service.sar/juddi-service.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/juddi-service.sar/juddi.war" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/juddi-service.sar/scout.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/uuid-key-generator.sar/*" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/ejb3.deployer/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jboss-aop-jdk50.deployer/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jboss-bean.deployer/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jboss-web.deployer/*" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jboss-web.deployer/jsf-libs/*" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/management/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/tmp/-" {
    permission java.io.FilePermission "${jboss.server.home.dir}/-", "read,write,delete";
    permission java.io.FilePermission "${java.io.tmpdir}", "read,write,delete";
    
@@ -94,7 +530,6 @@
    
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    
-   // TODO: specify exact ports 
    permission java.net.SocketPermission "*:1024-", "accept,listen";
    permission java.util.logging.LoggingPermission "control";
    
@@ -103,10 +538,6 @@
    
    permission javax.security.auth.PrivateCredentialPermission "javax.resource.spi.security.PasswordCredential * \"*\"", "read";
 
-   // experimental
-   //permission java.lang.RuntimePermission "createSecurityManager";
-   //permission java.lang.RuntimePermission "setSecurityManager";
-
    permission java.security.SecurityPermission "getPolicy";
    permission java.lang.RuntimePermission "accessClassInPackage.*";
    permission java.lang.RuntimePermission "getClassLoader";
@@ -119,7 +550,6 @@
 };
 
 
-
 //**************************************************************
 //
 //  Section 3: JBoss EAP Testsuite Permissions
@@ -140,6 +570,11 @@
    permission java.security.SecurityPermission "putProviderProperty.JBossSX";
 };
 
+// Following JDBC driver is included just for CC test purpose 
+grant codeBase "file:${jboss.server.home.dir}/lib/ojdbc14.jar" {
+   permission java.security.AllPermission;
+};
+
 //*******************End JBoss EAP Testsuite Permissions*********
 
 




More information about the jboss-cvs-commits mailing list