[jboss-dev-forums] [Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149
anil.saldhana@jboss.com
do-not-reply at jboss.com
Tue Nov 11 19:34:47 EST 2008
We used some stub handlers in the Main project with "org.jboss.booturl.xxx" and with the following run command(notice the system property to set the handlers)
-Djava.security.manager -Djava.security.policy==/home/anil/jboss-5.0/jboss-head/testsuite/output/resources/securitymgr/server.policy -Djava.security.debug=access,failure,policy -Djava.protocol.handler.pkgs=org.jboss.booturl
The following vfs entry in the policy file:
| grant codeBase "vfszip:/home/anil/jboss-5.0/jboss-head/build/output/jboss-5.0.0.GA/lib/jboss-aop-asintegration-core.jar" {
| permission java.security.AllPermission;
| };
|
|
>From the security manager logs:
policy:
| policy: Adding policy entry:
| policy: signedBy null
| policy: codeBase vfszip:/home/anil/jboss-5.0/jboss-head/build/output/jboss-5.0.0.GA/lib/jboss-aop-asintegration-core.jar
| access: access allowed (java.util.PropertyPermission java.protocol.handler.pkgsread)
| access: access allowed (java.lang.reflect.ReflectPermission suppressAccessChecks)
| policy: (java.security.AllPermission <all permissions> <all actions>)
| policy:
| policy: Adding policy entry:
| policy: signedBy null
| policy: codeBase file:/home/anil/jboss-5.0/jboss-head/testsuite/output/lib/securitymgr/-
| access: access allowed (java.io.FilePermission /home/anil/jboss-5.0/jboss-head/testsuite/output/lib/securitymgr/- read)
| policy: (java.util.PropertyPermission * read)
| policy: (java.io.FilePermission <<ALL FILES>> read,write,delete)
| policy: (unresolved org.jboss.naming.JndiPermission <<ALL BINDINGS>> lookup)
| policy:
|
So it seems like we can read the vfs entries into the policy file implementation. I need to still get the server to boot and report other problems.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4188627#4188627
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4188627
More information about the jboss-dev-forums
mailing list