// Example permissions for JAAS demo | |
// | |
// For JSPs, you may need to set: | |
// + read,write,delete FilePermission for the scratchDir setting for JASPER | |
// | |
// If you have set the "javax.servlet.context.tempdir" attribute of the webapp | |
// context, you will need to add read,write,delete FilePermissions for this directory. | |
// | |
// To run the JAAS demo, cd $jetty.home/extra/plus and type ant run.jaas.demo | |
grant | |
{ | |
permission java.util.PropertyPermission "*", "read"; | |
permission java.io.FilePermission "${install.dir}/../..", "read"; | |
permission java.io.FilePermission "${install.dir}/../../etc", "read"; | |
permission java.io.FilePermission "${install.dir}/../../etc/-", "read"; | |
permission java.io.FilePermission "${install.dir}/../../lib/-", "read"; | |
permission java.io.FilePermission "${install.dir}/../../ext/-", "read"; | |
permission java.io.FilePermission "${install.dir}/../../ext", "read"; | |
permission java.io.FilePermission "${install.dir}/../../-", "read"; | |
permission java.io.FilePermission "/usr/share/java/-", "read"; | |
permission java.io.FilePermission "${jdk.home}${/}lib${/}-", "read"; | |
permission java.io.FilePermission "${jdk.home}${/}jre${/}lib${/}-", "read"; | |
permission java.io.FilePermission "${java.io.tmpdir}", "read,write,delete"; | |
permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete"; | |
permission java.io.FilePermission "${jetty.home}/logs/log4j.log", "write"; | |
permission java.io.FilePermission "${jetty.home}${/}work${/}*", "read,write,execute"; | |
permission java.security.SecurityPermission "getPolicy"; | |
permission javax.security.auth.AuthPermission "doAsPrivileged"; | |
}; | |
grant codeBase "file:${jetty.home}/lib/-" | |
{ | |
permission java.net.SocketPermission "localhost:1-65536", "connect,accept,listen,resolve"; | |
permission java.net.SocketPermission "0.0.0.0:1-65536", "connect,accept,listen,resolve"; | |
permission java.net.SocketPermission "127.0.0.1:1-65536", "connect,accept,resolve"; | |
permission java.util.PropertyPermission "*", "read, write"; | |
permission java.io.FilePermission "${jetty.home}${/}-", "read"; | |
permission java.io.FilePermission "${jetty.home}${/}logs${/}*", "read,write,delete"; | |
permission java.io.FilePermission "${jetty.home}${/}cgi-bin${/}-", "read,execute"; | |
permission java.io.FilePermission "${java.io.tmpdir}/-", "read,write,delete"; | |
permission java.security.SecurityPermission "putProviderProperty.SunJSSE"; | |
permission java.security.SecurityPermission "insertProvider.SunJSSE"; | |
permission javax.security.auth.AuthPermission "createLoginContext.jdbc"; | |
permission java.lang.RuntimePermission "createClassLoader"; | |
permission java.lang.RuntimePermission "getClassLoader"; | |
permission java.lang.RuntimePermission "setContextClassLoader"; | |
permission java.lang.RuntimePermission "accessDeclaredMembers"; | |
permission java.lang.RuntimePermission "shutdownHooks"; | |
permission java.lang.RuntimePermission "accessClassInPackage.sun.tools.*"; | |
permission java.lang.RuntimePermission "setIO"; | |
}; | |
grant codeBase "file:${jetty.home}/ext/-" | |
{ | |
permission java.lang.RuntimePermission "setIO"; | |
permission java.io.FilePermission "/tmp/*", "read,write,delete"; | |
permission java.io.FilePermission "/tmp/-", "read,write,delete"; | |
}; | |
grant codeBase "file:${jetty.home}/extra/lib/org.mortbay.jaas.jar" | |
{ | |
permission javax.security.auth.AuthPermission "createLoginContext.jdbc"; | |
permission javax.security.auth.AuthPermission "modifyPrincipals"; | |
permission javax.security.auth.AuthPermission "modifyPrivateCredentials"; | |
}; | |
// Permissions specific to a particular web application | |
grant codeBase "file:${install.dir}/demo/webapps/jaas$/WEB-INF/classes/-" | |
{ | |
permission java.io.FilePermission "${install.dir}${/}demo${/}webapps${/}jaas${/}-", "read"; | |
permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete"; | |
permission java.security.SecurityPermission "getPolicy"; | |
}; | |
// for test | |
grant Principal org.mortbay.jaas.JAASPrincipal "me" { | |
permission java.security.SecurityPermission "mySecurityPermission"; | |
}; | |