[jboss-dev-forums] [Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149

anil.saldhana@jboss.com do-not-reply at jboss.com
Tue Nov 11 19:34:47 EST 2008 

We used some stub handlers in the Main project with "org.jboss.booturl.xxx"  and with the following run command(notice the system property to set the handlers)

-Djava.security.manager -Djava.security.policy==/home/anil/jboss-5.0/jboss-head/testsuite/output/resources/securitymgr/server.policy -Djava.security.debug=access,failure,policy -Djava.protocol.handler.pkgs=org.jboss.booturl 

The following vfs entry in the policy file:


  | grant codeBase "vfszip:/home/anil/jboss-5.0/jboss-head/build/output/jboss-5.0.0.GA/lib/jboss-aop-asintegration-core.jar" {
  |  permission java.security.AllPermission;
  | };
  | 
  | 


>From the security manager logs:
policy:
  | policy: Adding policy entry:
  | policy:   signedBy null
  | policy:   codeBase vfszip:/home/anil/jboss-5.0/jboss-head/build/output/jboss-5.0.0.GA/lib/jboss-aop-asintegration-core.jar
  | access: access allowed (java.util.PropertyPermission java.protocol.handler.pkgsread)
  | access: access allowed (java.lang.reflect.ReflectPermission suppressAccessChecks)
  | policy:   (java.security.AllPermission <all permissions> <all actions>)
  | policy:
  | policy: Adding policy entry:
  | policy:   signedBy null
  | policy:   codeBase file:/home/anil/jboss-5.0/jboss-head/testsuite/output/lib/securitymgr/-
  | access: access allowed (java.io.FilePermission /home/anil/jboss-5.0/jboss-head/testsuite/output/lib/securitymgr/- read)
  | policy:   (java.util.PropertyPermission * read)
  | policy:   (java.io.FilePermission <<ALL FILES>> read,write,delete)
  | policy:   (unresolved org.jboss.naming.JndiPermission <<ALL BINDINGS>> lookup)
  | policy:
  | 

So it seems like we can read the vfs entries into the policy file implementation.  I need to still get the server to boot and report other problems.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4188627#4188627

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4188627

More information about the jboss-dev-forums mailing list