Basically, you want to grant as few permissions as you can - unfortunately that sometimes means trying things out, adding permissions until they work.
As a starting point, the application class loader needs something like this (taken from river-container (https://github.com/trasukg/river-container)): //java.security.AllPermission; //java.io.FilePermission "${serviceArchive}" "read"; java.io.FilePermission "-" "read"; java.net.SocketPermission "*" "connect,listen,accept,resolve"; /* net.jini.security.Security requires createSecurityManager, but we don't grant 'setSecurityManager'. */ java.lang.RuntimePermission "createSecurityManager"; java.lang.RuntimePermission "getProtectionDomain"; java.lang.RuntimePermission "setFactory"; java.lang.RuntimePermission "modifyThread"; java.lang.RuntimePermission "modifyThreadGroup"; java.security.SecurityPermission "getDomainCombiner"; java.security.SecurityPermission "createAccessControlContext"; java.security.SecurityPermission "getPolicy"; // BasicProxyPreparer requirements: javax.security.auth.AuthPermission "getSubject"; net.jini.security.policy.UmbrellaGrantPermission; com.sun.jini.thread.ThreadPoolPermission "getSystemThreadPool"; com.sun.jini.thread.ThreadPoolPermission "getUserThreadPool"; com.sun.jini.discovery.internal.EndpointInternalsPermission "set"; com.sun.jini.discovery.internal.EndpointInternalsPermission "get"; java.lang.reflect.ReflectPermission "suppressAccessChecks"; net.jini.export.ExportPermission "exportRemoteInterface.*"; net.jini.discovery.DiscoveryPermission "*"; java.lang.RuntimePermission "shutdownHooks"; java.util.PropertyPermission "*" "read"; java.lang.RuntimePermission "accessClassInPackage.com.sun.proxy"; // Only in client configuration - apps can call System.exit() java.lang.RuntimePermission "exitVM.*”; Cheers, Greg Trasuk. On Jul 6, 2014, at 12:26 AM, Gus Heck <[email protected]> wrote: > The getting started page says: " In the interest of simplicity, we are > going to grant everything every permission. In the real world, this would > obviously not be recommended." > > Ok fine, but where do I find the documentation of what is needed for what > when I DO eventually want to live in the real world :) > > -Gus > > -- > http://www.the111shift.com
