Re: [jira] Commented: (AXIS2-1110) Java 2 Security

Wed, 06 Sep 2006 15:28:03 -0700

Fernando,

Thank you for sharing with the example.

Actually, I am looking for more than just adding permission to the policy file. I would like AXIS2 to have doPrivilege when a call stack (applet) needs a permission.

Sincerely,

Ming Cheung
WebSphere Web Services Developer

Address: IBM, Inc. 11501 Burnet Road, Austin, TX 78758
Tie Line: 678-0733
Email: [EMAIL PROTECTED]

Inactive hide details for "Ruchith Udayanga Fernando (JIRA)" <[EMAIL PROTECTED]>"Ruchith Udayanga Fernando (JIRA)" <[EMAIL PROTECTED]>


          "Ruchith Udayanga Fernando (JIRA)" <[EMAIL PROTECTED]>

          09/05/2006 10:50 PM

          Please respond to
          [email protected]

To

[email protected]

cc


Subject

[jira] Commented: (AXIS2-1110) Java 2 Security

    [ http://issues.apache.org/jira/browse/AXIS2-1110?page=comments#action_12432733 ]
           
Ruchith Udayanga Fernando commented on AXIS2-1110:
--------------------------------------------------

IMHO you can use axis2 with java security policy to control access.

Exmaple the following policy will makesure only the signed (signed by a key -alias : axis2- in the axis2.jks) jars, mars, and aars can access the file syatem and the sys properties specific to axis2.

Is this sufficient?

--------------------BEGIN--------------------

keystore "axis2.jks", "jks";

grant codeBase "file:${java.home}/lib/-" {
 permission java.security.AllPermission;
};

grant codeBase "file:${java.home}/jre/lib/ext/-" {
 permission java.security.AllPermission;
};

grant codeBase "file:${java.home}/../lib/-" {
 permission java.security.AllPermission;
};

grant codeBase "file:${java.home}/lib/ext/-" {
 permission java.security.AllPermission;
};

grant signedBy "axis2" {
 permission java.util.PropertyPermission "axis2.home", "read, write";
 permission java.util.PropertyPermission "axis2.repo", "read, write";
 permission java.util.PropertyPermission "axis2.xml", "read, write";
 permission java.util.PropertyPermission "derby.system.home", "read, write";
 permission java.util.PropertyPermission "javax.xml.parsers.DocumentBuilderFactory", "read, write";
 permission java.util.PropertyPermission "org.apache.commons.logging.LogFactory.HashtableImpl", "read, write";
 permission java.util.PropertyPermission "om.factory", "read, write";
 permission java.util.PropertyPermission "soap11.factory", "read, write";
 permission java.util.PropertyPermission "soap12.factory", "read, write";
 permission java.util.PropertyPermission "line.separator", "read, write";
};

grant signedBy "axis2" {
 permission java.util.PropertyPermission "java.home", "read";
 permission java.util.PropertyPermission "java.naming.*", "read";
 permission java.util.PropertyPermission "javax.sql.*", "read";
 permission java.util.PropertyPermission "os.name", "read";
 permission java.util.PropertyPermission "os.version", "read";
 permission java.util.PropertyPermission "os.arch", "read";
 permission java.util.PropertyPermission "file.separator", "read";
 permission java.util.PropertyPermission "path.separator", "read";
 permission java.util.PropertyPermission "line.separator", "read";
 permission java.util.PropertyPermission "java.version", "read";
 permission java.util.PropertyPermission "java.vendor", "read";
 permission java.util.PropertyPermission "java.vendor.url", "read";
 permission java.util.PropertyPermission "java.class.version", "read";
 permission java.util.PropertyPermission "java.specification.version", "read";
 permission java.util.PropertyPermission "java.specification.vendor", "read";
 permission java.util.PropertyPermission "java.specification.name", "read";
 permission java.util.PropertyPermission "java.vm.specification.version", "read";
 permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
 permission java.util.PropertyPermission "java.vm.specification.name", "read";
 permission java.util.PropertyPermission "java.vm.version", "read";
 permission java.util.PropertyPermission "java.vm.vendor", "read";
 permission java.util.PropertyPermission "java.vm.name", "read";
 permission java.lang.RuntimePermission "getAttribute";
 permission java.util.PropertyPermission "jaxp.debug", "read";
 permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
 permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
};

grant signedBy "axis2" {
 permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete, execute", signedBy "axis2";
};

grant signedBy "axis2" {
 permission java.net.SocketPermission "localhost", "accept, connect, listen, resolve";
};

grant signedBy "axis2" {
 permission java.security.AllPermission;
};

--------------------END--------------------


> Java 2 Security
> ---------------
>
>                 Key: AXIS2-1110
>                 URL: http://issues.apache.org/jira/browse/AXIS2-1110
>             Project: Apache Axis 2.0 (Axis2)
>          Issue Type: New Feature
>          Components: core
>         Environment: Supporting Axis2 runs inside of an environment with Java 2 Security enabled
>            Reporter: Ming Cheung
>
> We need a feature which can provide us fine-grained access control to grant privileges when the codes needed, and to have code operate with the minimum necessray privileges.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


GIF image

Reply via email to