Re: RemotePolicy service

Wed, 03 Aug 2011 20:14:27 -0700 





The big issues, are always about "security" as a starting point.   
And it's hard to manage security without some pre-established 
settings.  What do we all think about a "default" security 
configuration (such as binding to localhost, asserting a download 
permission and using SSL) that fall out of the APIs (or new APIs) 
more naturally.



Yes definitely, perhaps we also need to provide an insecure 
alternative also.



Java 2 security is difficult to understand, even when you author code, 
you don't necessarily know what guards your method calls will end up 
invoking.  The biggest problem is developers don't define the 
permissions their code needs and administrators don't know what to 
specify in their policy files.


I've been working on ways to cut through the maze:


com.sun.jini.tool.DebugDynamicPolicy was designed to capture policy 
security checks to assist developers to determine permissions required.



In addition we now have com.sun.jini.tool.ProfilingSecurityManager 
(Original Author: Mark Petrovic BSD License)


Why do we need two tools?

DebugDynamicPolicy only tells you what permissions are required.


ProfilingSecurityManager tells you what permissions each jar requires, 
it will also tell you permission checks made by static 
ProtectionDomain's.
Prior to Java 1.4, ProtectionDomain's were immutable, the policy was 
only consulted at the time the ProtectionDomain was created, all 
permissions were CodeSource based (static).  Java 1.4 added dynamic 
policy and principal based permission grants.  Some of these old 
"static" ProtectionDomain's still exist in code, so you need a 
SecurityManager to capture their security checks, the policy will 
never be consulted.



Something not well known is your SecurityManager and Policy should be 
specified on the command line together at jvm startup.  Due to out of 
order optimisations, the point in time when a SecurityManager is 
loaded (when called from your code) can differ by platform, leading 
some platforms to require additional permissions, sometimes this will 
also crop up when making subtle changes.  This often happens with our 
qa test suite, I do intend to fix it a some point.



Soon I intend to borrow some code from Apache Felix, allowing smart 
proxy's to declare the permissions they require in their jar.



As I mentioned on the Security policy Service thread, OSGi uses a 
permissions.perms file to describe a bundle's (jar file) local 
permissions.


The apache felix classes that parse this file are:

org.osgi.service.permissionadmin.PermissionInfo
org.apache.felix.framework.security.util.LocalPermissions


It appears pretty simple to make use of this file format with proven 
code for retrieving permissions from jar files.



Developers can use ProfilingSecurityManager to determine what 
permissions their proxy jar requires.



Then client's only need ask a proxy, what permissions it requires and 
if acceptable, grant them, after authentication and proxy 
verification.  If unacceptable, the client can find another service 
instance.





The output below is one of the qa tests run with the 
ProfilingSecurityManager enabled.



Remember whenever a security check is made, the AccessController must 
check every ProtectionDomain on the current thread stack, unless called 
from a doPrivileged method.



It's possible to alter this program to produce policy file output 
instead.  These policy files will still need some editing, but it 
simplifies deployment.  It might also be useful for generating 
permissions.perms files for including in proxy jar files.




    [java] -----------------------------------------
    [java]

    [java] Running 
com/sun/jini/test/spec/url/httpmd/handler/OpenConnectionNonExistFile.td

    [java] Time is Thu Aug 04 12:43:37 EST 2011
    [java] Starting test in separate process with command:

    [java] /usr/jdk/instances/jdk1.6.0/jre/bin/java 
-Djava.security.policy=file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/harness/policy/defaulttest.policy 
-cp 
/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar:/opt/src/River2.2.1/peterConcurrentPolicy/lib/jsk-platform.jar:/opt/src/River2.2.1/peterConcurrentPolicy/lib/jsk-lib.jar 
-client 
-Djava.ext.dirs=/usr/jdk/instances/jdk1.6.0/jre/lib/ext:/usr/jdk/packages/lib/ext:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib-ext:/opt/src/River2.2.1/peterConcurrentPolicy/lib-ext 
-Djava.security.manager=com.sun.jini.tool.ProfilingSecurityManager 
-Dcom.sun.jini.jsk.port=9080 -Dcom.sun.jini.qa.port=9081 
-Dcom.sun.jini.jsk.home=/opt/src/River2.2.1/peterConcurrentPolicy 
-Dcom.sun.jini.qa.home=/opt/src/River2.2.1/peterConcurrentPolicy/qa 
-Dcom.sun.jini.qa.harness.harnessJar=/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar 
-Dcom.sun.jini.qa.harness.testJar=/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar 
-Dcom.sun.jini.qa.harness.runjiniserver=false 
-Dcom.sun.jini.qa.harness.runkitserver=false 
-Djava.security.properties=file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/harness/trust/dynamic-policy.properties 
-Dcom.sun.jini.qa.harness.testhosts= 
-Djava.util.logging.config.file=/opt/src/River2.2.1/peterConcurrentPolicy/qa/src/com/sun/jini/test/resources/qa1.logging 
-Dcom.sun.jini.test.home=/opt/src/River2.2.1/peterConcurrentPolicy/qa 
-Dcom.sun.jini.test.port=9082 
-Dcom.sun.jini.qa.harness.policies=file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/src/com/sun/jini/test/resources/jinitest.policy 
-Djava.ext.dirs=/usr/jdk/instances/jdk1.6.0/jre/lib/ext:/usr/jdk/packages/lib/ext:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib-ext:/opt/src/River2.2.1/peterConcurrentPolicy/lib-ext 
-Djava.protocol.handler.pkgs=net.jini.url 
com.sun.jini.qa.harness.MasterTest 
com/sun/jini/test/spec/url/httpmd/handler/OpenConnectionNonExistFile.td
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.lang.RuntimePermission "setIO", "";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.logging.LoggingPermission "control", "";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "line.separator", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.testhosts", "read";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.lang.RuntimePermission 
"accessClassInPackage.sun.security.util", "";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.lang.RuntimePermission 
"accessClassInPackage.sun.security.action", "";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.util.PropertyPermission 
"sun.security.pkcs11.allowSingleThreadedModules", "read";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.io.FilePermission 
"/usr/jdk/instances/jdk1.6.0/jre/lib/security/sunpkcs11-solaris.cfg", 
"read";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.util.PropertyPermission "os.name", "read";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.util.PropertyPermission "os.arch", "read";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.io.FilePermission "/usr/lib/libpkcs11.so", "read";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.lang.RuntimePermission "loadLibrary.j2pkcs11", "";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.io.FilePermission 
"/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sparc/libj2pkcs11.so", "read";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.io.FilePermission 
"/usr/jdk/instances/jdk1.6.0/jre/lib/ext/libj2pkcs11.so", "read";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.io.FilePermission 
"/usr/jdk/packages/lib/ext/sparc/libj2pkcs11.so", "read";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.io.FilePermission 
"/usr/jdk/packages/lib/ext/libj2pkcs11.so", "read";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.io.FilePermission 
"/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib-ext/sparc/libj2pkcs11.so", 
"read";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.io.FilePermission 
"/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib-ext/libj2pkcs11.so", 
"read";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.io.FilePermission 
"/opt/src/River2.2.1/peterConcurrentPolicy/lib-ext/sparc/libj2pkcs11.so", 
"read";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.io.FilePermission 
"/opt/src/River2.2.1/peterConcurrentPolicy/lib-ext/libj2pkcs11.so", 
"read";};
    [java] grant codeBase 
"file:/usr/jdk/instances/jdk1.6.0/jre/lib/ext/sunpkcs11.jar" 
{permission  java.security.SecurityPermission 
"putProviderProperty.SunPKCS11-Solaris", "";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.lang.RuntimePermission "getenv.SOUL", "";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.io.FilePermission 
"/opt/src/River2.2.1/peterConcurrentPolicy/qa/soul/soul.201108041053007925", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "net.jini.discovery.announce", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "net.jini.discovery.announce", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/lib/jsk-platform.jar" 
{permission  java.lang.RuntimePermission "createSecurityManager", "";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/lib/jsk-platform.jar" 
{permission  java.security.SecurityPermission "getDomainCombiner", "";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/lib/jsk-platform.jar" 
{permission  java.lang.RuntimePermission "getProtectionDomain", "";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/lib/jsk-platform.jar" 
{permission  java.security.SecurityPermission 
"createAccessControlContext", "";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "testFailureAnalyzers", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.callAutoT", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.lang.RuntimePermission 
"accessClassInPackage.sun.util.logging.resources", "";};

    [java]
    [java] TIME: 12:43:40 PM
    [java]
    [java] MasterTest.doTest INFO:

    [java] ============================== CALLING SETUP() 
==============================

    [java]

    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.startDelay", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.startDelay", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.runkitserver", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.runkitserver", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.runjiniserver", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.runjiniserver", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.testClassServer", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.testClassServer", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.serviceMode", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.serviceMode", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.transient.impl", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.transient.impl", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "testClassServer.adminName", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "testClassServer.adminName", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "testClassServer.type.1", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "testClassServer.type.1", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "testClassServer.type.0", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "testClassServer.type.0", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "testClassServer.type", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "testClassServer.type", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.classServer.impl.0", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.classServer.impl.0", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.classServer.impl", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.classServer.impl", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "testClassServer.impl.0", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "testClassServer.impl.0", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "testClassServer.impl", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "testClassServer.impl", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.classServer.port.0", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.classServer.port.0", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.classServer.port", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.classServer.port", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "testClassServer.port.0", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "testClassServer.port.0", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "testClassServer.port", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "testClassServer.port", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "com.sun.jini.test.port", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "com.sun.jini.test.port", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.classServer.dir.0", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.classServer.dir.0", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.classServer.dir", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.classServer.dir", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "testClassServer.dir.0", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "testClassServer.dir.0", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "testClassServer.dir", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "testClassServer.dir", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "java.io.tmpdir", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "java.io.tmpdir", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.globalvmargs", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.globalvmargs", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "java.ext.dirs", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "java.ext.dirs", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "com.sun.jini.jsk.port", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "com.sun.jini.jsk.port", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "com.sun.jini.qa.port", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "com.sun.jini.qa.port", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "com.sun.jini.jsk.home", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "com.sun.jini.jsk.home", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "com.sun.jini.qa.home", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "com.sun.jini.qa.home", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.securityproperties", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.securityproperties", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.io.FilePermission 
"harness/trust/dynamic-policy.properties", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.io.FilePermission 
"harness/trust/dynamic-policy.properties", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "user.dir", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "user.dir", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.io.FilePermission 
"/opt/src/River2.2.1/peterConcurrentPolicy/qa/harness/trust/dynamic-policy.properties", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.io.FilePermission 
"/opt/src/River2.2.1/peterConcurrentPolicy/qa/harness/trust/dynamic-policy.properties", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.testhosts", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"java.util.logging.config.file", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"java.util.logging.config.file", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "com.sun.jini.test.home", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "com.sun.jini.test.home", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.io.FilePermission 
"src/com/sun/jini/test/resources/jinitest.policy", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.io.FilePermission 
"src/com/sun/jini/test/resources/jinitest.policy", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.io.FilePermission 
"/opt/src/River2.2.1/peterConcurrentPolicy/qa/src/com/sun/jini/test/resources/jinitest.policy", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.io.FilePermission 
"/opt/src/River2.2.1/peterConcurrentPolicy/qa/src/com/sun/jini/test/resources/jinitest.policy", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.classServer.serverjvmargs.0", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.classServer.serverjvmargs.0", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.classServer.serverjvmargs", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.classServer.serverjvmargs", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.serverjvmargs.0", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.serverjvmargs.0", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.serverjvmargs", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission 
"testClassServer.serverjvmargs", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.net.SocketPermission "localhost:9082", "listen,resolve";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.net.SocketPermission "localhost:9082", "listen,resolve";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.net.NetPermission "specifyStreamHandler", "";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.net.NetPermission "specifyStreamHandler", "";};

    [java] 04/08/2011 12:43:40 PM com.sun.jini.tool.ClassServer run
    [java] INFO: ClassServer started [[/var/tmp/], port 9082]

    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "OpenConnection.Url", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "OpenConnection.Url", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "OpenConnection.ExpResult", 
"read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.util.PropertyPermission "OpenConnection.ExpResult", 
"read";};

    [java] MasterTest.doTest INFO:

    [java] =============================== CALLING RUN() 
===============================

    [java]

    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission "os.name", "read";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/lib/jsk-platform.jar" 
{permission  java.net.SocketPermission "localhost:80", "connect,resolve";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.net.SocketPermission "localhost:80", "connect,resolve";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.net.SocketPermission "localhost:80", "connect,resolve";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/lib/jsk-platform.jar" 
{permission  java.net.SocketPermission "localhost", "resolve";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.net.SocketPermission "localhost", "resolve";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.net.SocketPermission "localhost", "resolve";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/lib/jsk-platform.jar" 
{permission  java.net.SocketPermission "127.0.0.1:80", "connect,resolve";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jinitests.jar" 
{permission  java.net.SocketPermission "127.0.0.1:80", "connect,resolve";};
    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.net.SocketPermission "127.0.0.1:80", "connect,resolve";};

    [java] MasterTest.doTest INFO:

    [java] ============================ CALLING TEARDOWN() 
=============================

    [java]

    [java] grant codeBase 
"file:/opt/src/River2.2.1/peterConcurrentPolicy/qa/lib/jiniharness.jar" 
{permission  java.util.PropertyPermission 
"com.sun.jini.qa.harness.nSecsWaitDestroy", "read";};

    [java] 04/08/2011 12:43:41 PM com.sun.jini.tool.ClassServer terminate
    [java] INFO: ClassServer terminated [port 9082]
    [java] 04/08/2011 12:43:41 PM com.sun.jini.tool.ClassServer terminate
    [java] INFO: ClassServer terminated [port 9082]
    [java]
    [java] TIME: 12:43:41 PM
    [java]
    [java] Test process was destroyed and returned code 0

    [java] 
com/sun/jini/test/spec/url/httpmd/handler/OpenConnectionNonExistFile.td

    [java] Test Passed: OK
    [java]
    [java]
    [java] -----------------------------------------
























					Reply via email to