[jboss-dev-forums] [Design of Security on JBoss] - JBNAME-8, updates to security in naming server

scott.stark@jboss.org do-not-reply at jboss.com
Thu Oct 2 11:38:35 EDT 2008


https://jira.jboss.org/jira/browse/JBNAME-8

I have added security permission checks when running under a security manager to the jnpserver project for the 5.0.0.CR3 release. The following RuntimePermissions are required for sensitive NamingContext operations:

NamingContext.getHANamingServerForPartition requires RuntimePermission("org.jboss.naming.NamingContext.getHANamingServerForPartition")
NamingContext.setHANamingServerForPartition/removeHANamingServerForPartition requires RuntimePermission("org.jboss.naming.NamingContext.setHANamingServerForPartition")
NamingContext.getLocal requires RuntimePermission("org.jboss.naming.NamingContext.getLocal")
NamingContext.setLocal requires RuntimePermission("org.jboss.naming.NamingContext.setLocal")

The NamingServer has a new JndiPermission(String path, String actions) permission that is adopted from the OpenJDK java.io.FilePermission. It uses only the Unix '/' path separator, and has the following actions:
bind - Context.bind permission
rebind - Context.rebind permission
unbind - Context.unbind permission
lookup - Context.lookup permission
list - Context.list permission
listBindings - Context.listBindings permission
createSubcontext - Context.createSubcontext permission
* - alias for all of the above actions

It also has a special path name <<ALL BINDINGS>> that matches any JNDI path, similar to the FilePermission <<ALL FILES>> path.


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4180082#4180082
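
One way to review a security policy for the permissions described in the post, as an added example (not jnpserver code and not part of the original post). It assumes standard Java policy-file `permission` syntax and a comma-separated action list as in FilePermission; the package `placeholder.pkg`, the class `NamingPolicyAudit`, the sample policy and the choice of which actions count as mutating are constructed for illustration.

```java
import java.util.*;
import java.util.regex.*;

// Added example, not jnpserver code: flags broad naming grants in a policy text.
public class NamingPolicyAudit {
    // Actions from the post that change the JNDI tree (this example's classification).
    static final Set<String> MUTATING = Set.of("bind", "rebind", "unbind", "createSubcontext");
    static final String SETTER_PREFIX = "org.jboss.naming.NamingContext.set";
    // Matches: permission <class> "<name>"[, "<actions>"];
    static final Pattern PERM = Pattern.compile(
        "permission\\s+([\\w.]+)\\s+\"([^\"]*)\"(?:\\s*,\\s*\"([^\"]*)\")?\\s*;");

    // RuntimePermission is a BasicPermission: "*" and a trailing ".*" are wildcards.
    static boolean coversSetter(String name) {
        if (name.equals("*") || name.startsWith(SETTER_PREFIX)) return true;
        return name.endsWith(".*")
            && SETTER_PREFIX.startsWith(name.substring(0, name.length() - 1));
    }

    static List<String> audit(String policy) {
        List<String> findings = new ArrayList<>();
        Matcher m = PERM.matcher(policy);
        while (m.find()) {
            String cls = m.group(1), name = m.group(2);
            if (cls.endsWith("JndiPermission")) {
                Set<String> acts = new TreeSet<>();
                for (String a : (m.group(3) == null ? "" : m.group(3)).split(",")) acts.add(a.trim());
                boolean all = acts.contains("*");
                acts.retainAll(MUTATING);
                if (all || !acts.isEmpty())
                    findings.add((name.equals("<<ALL BINDINGS>>") ? "write to EVERY binding" : "write under " + name)
                        + ": " + (all ? "*" : acts));
            } else if (cls.equals("java.lang.RuntimePermission") && coversSetter(name)) {
                findings.add("NamingContext setter permission granted: " + name);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed policy; placeholder.pkg stands in for the package, which the post does not give.
        String policy = String.join("\n",
            "grant codeBase \"file:/apps/reporting.jar\" {",
            "  permission placeholder.pkg.JndiPermission \"/jdbc/ReportsDS\", \"lookup\";",
            "  permission placeholder.pkg.JndiPermission \"<<ALL BINDINGS>>\", \"*\";",
            "  permission placeholder.pkg.JndiPermission \"/queue/in\", \"lookup,rebind\";",
            "  permission java.lang.RuntimePermission \"org.jboss.naming.NamingContext.*\";",
            "  permission java.lang.RuntimePermission \"org.jboss.naming.NamingContext.getLocal\";",
            "};");
        audit(policy).forEach(System.out::println);
    }
}
```

On the constructed policy this reports three findings: the `<<ALL BINDINGS>>` grant with `*`, the `rebind` grant on `/queue/in`, and the wildcard RuntimePermission that also covers the setter names.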
