[jira] Commented: (AXIS2-1110) Java 2 Security

Ruchith Udayanga Fernando (JIRA) Tue, 05 Sep 2006 20:53:57 -0700

    [ 
http://issues.apache.org/jira/browse/AXIS2-1110?page=comments#action_12432733 ] 
            
Ruchith Udayanga Fernando commented on AXIS2-1110:
--------------------------------------------------


IMHO you can use axis2 with java security policy to control access. 

Exmaple the following policy will makesure only the signed (signed by a key 
-alias : axis2- in the axis2.jks) jars, mars, and aars can access the file 
syatem and the sys properties specific to axis2.

Is this sufficient?

--------------------BEGIN--------------------

keystore "axis2.jks", "jks";

grant codeBase "file:${java.home}/lib/-" {
  permission java.security.AllPermission;
};

grant codeBase "file:${java.home}/jre/lib/ext/-" {
  permission java.security.AllPermission;
};

grant codeBase "file:${java.home}/../lib/-" {
  permission java.security.AllPermission;
};

grant codeBase "file:${java.home}/lib/ext/-" {
  permission java.security.AllPermission;
};

grant signedBy "axis2" {
  permission java.util.PropertyPermission "axis2.home", "read, write";
  permission java.util.PropertyPermission "axis2.repo", "read, write";
  permission java.util.PropertyPermission "axis2.xml", "read, write";
  permission java.util.PropertyPermission "derby.system.home", "read, write";
  permission java.util.PropertyPermission 
"javax.xml.parsers.DocumentBuilderFactory", "read, write";
  permission java.util.PropertyPermission 
"org.apache.commons.logging.LogFactory.HashtableImpl", "read, write";
  permission java.util.PropertyPermission "om.factory", "read, write";
  permission java.util.PropertyPermission "soap11.factory", "read, write";
  permission java.util.PropertyPermission "soap12.factory", "read, write";
  permission java.util.PropertyPermission "line.separator", "read, write";
};

grant signedBy "axis2" {
  permission java.util.PropertyPermission "java.home", "read";
  permission java.util.PropertyPermission "java.naming.*", "read";
  permission java.util.PropertyPermission "javax.sql.*", "read";
  permission java.util.PropertyPermission "os.name", "read";
  permission java.util.PropertyPermission "os.version", "read";
  permission java.util.PropertyPermission "os.arch", "read";
  permission java.util.PropertyPermission "file.separator", "read";
  permission java.util.PropertyPermission "path.separator", "read";
  permission java.util.PropertyPermission "line.separator", "read";
  permission java.util.PropertyPermission "java.version", "read";
  permission java.util.PropertyPermission "java.vendor", "read";
  permission java.util.PropertyPermission "java.vendor.url", "read";
  permission java.util.PropertyPermission "java.class.version", "read";
  permission java.util.PropertyPermission "java.specification.version", "read";
  permission java.util.PropertyPermission "java.specification.vendor", "read";
  permission java.util.PropertyPermission "java.specification.name", "read";
  permission java.util.PropertyPermission "java.vm.specification.version", 
"read";
  permission java.util.PropertyPermission "java.vm.specification.vendor", 
"read";
  permission java.util.PropertyPermission "java.vm.specification.name", "read";
  permission java.util.PropertyPermission "java.vm.version", "read";
  permission java.util.PropertyPermission "java.vm.vendor", "read";
  permission java.util.PropertyPermission "java.vm.name", "read";
  permission java.lang.RuntimePermission "getAttribute";
  permission java.util.PropertyPermission "jaxp.debug", "read";
  permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.jasper.runtime";
  permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.jasper.runtime.*";
};

grant signedBy "axis2" {
  permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete, 
execute", signedBy "axis2";
};

grant signedBy "axis2" {
  permission java.net.SocketPermission "localhost", "accept, connect, listen, 
resolve";
};

grant signedBy "axis2" {
  permission java.security.AllPermission;
};

--------------------END--------------------


> Java 2 Security
> ---------------
>
>                 Key: AXIS2-1110
>                 URL: http://issues.apache.org/jira/browse/AXIS2-1110
>             Project: Apache Axis 2.0 (Axis2)
>          Issue Type: New Feature
>          Components: core
>         Environment: Supporting Axis2 runs inside of an environment with Java 
> 2 Security enabled
>            Reporter: Ming Cheung
>
> We need a feature which can provide us fine-grained access control to grant 
> privileges when the codes needed, and to have code operate with the minimum 
> necessray privileges. 

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[jira] Commented: (AXIS2-1110) Java 2 Security

Reply via email to