[jboss-dev-forums] [Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149
anil.saldhana@jboss.com
do-not-reply at jboss.com
Tue Nov 11 02:27:45 EST 2008
Adrian, we have an opportunity to use the jar url format to specify the permissions instead of the vfs url format. I know this is not ideal but I have tested the following:
| grant codeBase "jar:file:${jboss.server.home.dir}/deploy/jms-ra.rar!/jms-ra.jar/-" {
| permission java.lang.RuntimePermission "setContextClassLoader";
| permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
| permission java.io.FilePermission "${jboss.home.dir}/lib/jboss-aop.jar", "read";
| permission javax.management.MBeanPermission "*", "getAttribute,invoke,setAttribute";
| };
|
| grant codeBase "jar:file:${jboss.server.home.dir}/deploy/jbossweb.sar!/jstl.jar/-" {
| permission java.security.AllPermission;
| };
|
| etc
|
http://anonsvn.jboss.org/repos/jbossas/trunk/testsuite/src/resources/securitymgr/server.policy
Basically the VFSUtils.getRealURL(vfsURL) returns the jar url or file url depending on whether the vfs protocol is "vfszip" or "vfsfile".
Please comment on this approach.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4188357#4188357
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4188357
More information about the jboss-dev-forums
mailing list