I think I've solved the problem. I added the following lines at the end
of the file:
// Permissions added to fix the problem. In the full listing below they sit in
// the "grant { ... }" entry that has no codeBase, so they apply to all code.
// NOTE(review): going by their names, the set* targets guard the JBoss
// SecurityAssociation setters (caller principal info, run-as role, server
// mode). Presumably only container code needs them; confirm which codeBase the
// denied check comes from and grant them there rather than to every codeBase.
permission java.lang.RuntimePermission
"org.jboss.security.SecurityAssociation.setPrincipalInfo";
permission java.lang.RuntimePermission
"org.jboss.security.SecurityAssociation.getPrincipalInfo";
permission java.lang.RuntimePermission
"org.jboss.security.SecurityAssociation.setRunAsRole";
permission java.lang.RuntimePermission
"org.jboss.security.SecurityAssociation.setServer";
// Trailing ".*" lets the holder create a LoginContext for any configured
// login-configuration name.
permission javax.security.auth.AuthPermission "createLoginContext.*";
I'll post a follow-up if the web app doesn't crash over the next few days.
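I am also posting the Debian version of the script. I have one problem with this
script: I must give read rights on the "/" directory (the Hibernate cache
system has to do Tmp.list()). In the policy below this is the
`java.io.FilePermission "/-", "read"` entry, which covers every file under "/"
recursively, not only the directory itself. If somebody knows how to solve this
security problem ...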
// Trusted core Java code
// Everything under the JRE extension directory (trailing "-" is recursive) and
// the jar/class files directly inside the JRE lib directory (trailing "*")
// receives AllPermission, i.e. the security manager places no restriction on
// code loaded from these locations.
grant codeBase "file:/home/logiciel/java/sources/jre1.5.0_12/lib/ext/-" {
permission java.security.AllPermission;
};
grant codeBase "file:/home/logiciel/java/sources/jre1.5.0_12/lib/*" {
permission java.security.AllPermission;
};
// Trusted core Jboss code
// The JBoss bin, lib and server/default/lib trees (recursive) are fully
// trusted. Anything that can write a jar or class file into one of these
// directories therefore runs unrestricted, so the directories should be
// writable only by the account that administers the server.
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/bin/-" {
permission java.security.AllPermission;
};
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/lib/-" {
permission java.security.AllPermission;
};
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/lib/-" {
permission java.security.AllPermission;
};
// Services shipped in server/default/deploy that are treated as fully trusted.
// Each entry names one deployment directory recursively and grants
// AllPermission to the code inside it.
// NOTE(review): jmx-console.war is a web application; with AllPermission the
// policy places no limit on what it can do, so confirm that access to it is
// authenticated and restricted to administrators.
grant codeBase
"file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/deploy/jmx-console.war/-"{
permission java.security.AllPermission;
};
grant codeBase
"file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/deploy/jbossws14.sar/-"{
permission java.security.AllPermission;
};
grant codeBase
"file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/deploy/jbossweb-tomcat55.sar/-"{
permission java.security.AllPermission;
};
grant codeBase
"file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/deploy/jboss-aop.deployer/-"{
permission java.security.AllPermission;
};
grant codeBase
"file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/deploy/http-invoker.sar/-"{
permission java.security.AllPermission;
};
grant codeBase
"file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/deploy/jboss-bean.deployer/-"{
permission java.security.AllPermission;
};
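// Two more fully trusted deployments: the JMS services and the UUID key
// generator. Each entry covers its directory recursively.
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/deploy/jms/-" {
    permission java.security.AllPermission;
};
// The "};" above was missing in the posted listing, which left the jms entry
// open and ran it into the next "grant" keyword.
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/deploy/uuid-key-generator.sar/-" {
    permission java.security.AllPermission;
};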
// Code loaded from the server's tmp tree gets an explicit permission list
// instead of AllPermission.
// NOTE(review): presumably this is where JBoss unpacks deployed applications,
// which would make this entry the sandbox for application code — confirm.
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-" {
// Read, write and delete anywhere inside the server tmp tree.
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "read";
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "write";
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "delete";
// Read, write and delete anywhere inside bin/autorized.
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "read";
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "write";
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "delete";
// Read access to every file below "/" (recursive). This is the broad grant the
// post asks about: it lets this code read any file the JBoss OS account can
// read, not just the one directory that has to be listed.
// NOTE(review): if the directory being listed is the JVM temp directory, a
// read grant on that directory alone would be far narrower — confirm which
// path the cache actually lists before replacing this entry.
permission java.io.FilePermission "/-", "read";
permission java.io.FilePermission "/tmp/-", "write";
permission java.io.FilePermission "/tmp/-", "delete";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "shutdownHooks";
permission java.lang.RuntimePermission "getProtectionDomain";
// suppressAccessChecks (reflection past private/protected access checks) and
// createClassLoader are the grants that most weaken this sandbox; the JDK
// permission documentation describes createClassLoader as extremely dangerous
// to grant. While both are present, treat code under this codeBase as close
// to fully trusted.
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "getClassLoader";
permission java.security.SecurityPermission "getPolicy";
};
// Line-for-line repeat of the preceding grant entry for the same codeBase.
// Permissions from matching entries are combined, so this copy adds nothing
// and can be dropped. The same review points apply: read on "/-" exposes every
// file the JBoss OS account can read, and suppressAccessChecks together with
// createClassLoader largely undo the restriction this entry is meant to impose.
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-" {
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "read";
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "write";
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "delete";
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "read";
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "write";
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "delete";
permission java.io.FilePermission "/-", "read";
permission java.io.FilePermission "/tmp/-", "write";
permission java.io.FilePermission "/tmp/-", "delete";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "shutdownHooks";
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "getClassLoader";
permission java.security.SecurityPermission "getPolicy";
};
// Second line-for-line repeat of the grant entry for the server tmp codeBase.
// It is redundant for the same reason: matching entries are combined, so no
// permission is added here that the first copy does not already give.
grant codeBase "file:/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-" {
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "read";
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "write";
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/server/default/tmp/-", "delete";
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "read";
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "write";
permission java.io.FilePermission
"/home/logiciel/jboss/jboss-4.0.5.GA/bin/autorized/-", "delete";
permission java.io.FilePermission "/-", "read";
permission java.io.FilePermission "/tmp/-", "write";
permission java.io.FilePermission "/tmp/-", "delete";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "shutdownHooks";
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "getClassLoader";
permission java.security.SecurityPermission "getPolicy";
};
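// No codeBase: every permission in this entry is granted to ALL code, including
// code that the codeBase-specific entries earlier in the file try to confine.
// Anything listed here is therefore the floor for the whole JVM.
grant {
    // Any code may read every system property.
    permission java.util.PropertyPermission "*", "read";
    permission java.lang.RuntimePermission "queuePrintJob";

    // Sockets. The action strings for the two localhost entries were split
    // across lines in the posted listing; they are rejoined here so each quoted
    // string is on one line.
    permission java.net.SocketPermission "localhost:5432", "accept, connect, listen";
    permission java.net.SocketPermission "localhost:8009", "accept, connect, listen";
    // Any host ("*") on ports 80, 110 and 25.
    // NOTE(review): "accept" and "listen" are granted alongside "connect". If
    // the applications only open outbound connections on these ports, "connect"
    // alone would be narrower — confirm before tightening.
    permission java.net.SocketPermission "*:80", "accept, connect, listen";
    permission java.net.SocketPermission "*:110", "accept, connect, listen";
    permission java.net.SocketPermission "*:25", "accept, connect, listen";

    // The wildcard opens every package guarded by the package-access check.
    permission java.lang.RuntimePermission "accessClassInPackage.*";

    permission java.lang.RuntimePermission
        "org.jboss.security.SecurityAssociation.getSubject";
    permission javax.management.MBeanServerPermission "findMBeanServer";
    permission javax.management.MBeanPermission
        "org.jboss.mx.modelmbean.XMBean#*[JMImplementation:type=MBeanRegistry]", "*";

    // The entries below are the ones the post says were added to stop the crash.
    // NOTE(review): going by their names, the set* targets guard the JBoss
    // SecurityAssociation setters (caller principal info, run-as role, server
    // mode). Granted here, any deployed code holds them. Presumably only
    // container code needs them; confirm which codeBase the denied check comes
    // from and move these into that codeBase's entry.
    permission java.lang.RuntimePermission
        "org.jboss.security.SecurityAssociation.setPrincipalInfo";
    permission java.lang.RuntimePermission
        "org.jboss.security.SecurityAssociation.getPrincipalInfo";
    permission java.lang.RuntimePermission
        "org.jboss.security.SecurityAssociation.setRunAsRole";
    permission java.lang.RuntimePermission
        "org.jboss.security.SecurityAssociation.setServer";
    // Trailing ".*" covers a LoginContext for any login-configuration name.
    permission javax.security.auth.AuthPermission "createLoginContext.*";
};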