// Example permissions for JAAS demo
//
// For JSPs, you may need to set:
// + read,write,delete FilePermission for the scratchDir setting for JASPER
//
// If you have set the "javax.servlet.context.tempdir" attribute of the webapp
// context, you will need to add read,write,delete FilePermissions for this directory.
//
// To run the JAAS demo, cd $jetty.home/extra/plus and type ant run.jaas.demo
// Baseline grant. It has no codeBase, signedBy or Principal clause, so every
// entry below applies to ALL code loaded under this policy, including any
// deployed web application. Anything listed here cannot be withheld from a
// less-trusted codeBase further down.
grant
{
// Read-only access to every system property.
permission java.util.PropertyPermission "*", "read";
// Read access to the tree two levels above ${install.dir}. In FilePermission
// paths a trailing "/-" means the directory and everything below it,
// recursively; a bare directory path means the directory entry itself.
permission java.io.FilePermission "${install.dir}/../..", "read";
permission java.io.FilePermission "${install.dir}/../../etc", "read";
permission java.io.FilePermission "${install.dir}/../../etc/-", "read";
permission java.io.FilePermission "${install.dir}/../../lib/-", "read";
permission java.io.FilePermission "${install.dir}/../../ext/-", "read";
permission java.io.FilePermission "${install.dir}/../../ext", "read";
// This recursive entry already covers the etc/, lib/ and ext/ entries above:
// all code can read every file under that root, configuration included.
permission java.io.FilePermission "${install.dir}/../../-", "read";
// Hard-coded Unix path; it matches nothing on platforms without this directory.
permission java.io.FilePermission "/usr/share/java/-", "read";
// ${/} expands to the platform file separator.
permission java.io.FilePermission "${jdk.home}${/}lib${/}-", "read";
permission java.io.FilePermission "${jdk.home}${/}jre${/}lib${/}-", "read";
// Full read/write/delete on the JVM temp directory and everything below it.
permission java.io.FilePermission "${java.io.tmpdir}", "read,write,delete";
permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";
// Write-only access to a single log file.
permission java.io.FilePermission "${jetty.home}/logs/log4j.log", "write";
// "*" matches files directly inside work/ only (not recursive).
// NOTE(review): "execute" without "delete" is unusual for a work directory;
// confirm whether "delete" was intended here.
permission java.io.FilePermission "${jetty.home}${/}work${/}*", "read,write,execute";
// Lets any code retrieve the installed Policy object and so inspect which
// permissions are granted to which code.
permission java.security.SecurityPermission "getPolicy";
// Lets any code call Subject.doAsPrivileged.
permission javax.security.auth.AuthPermission "doAsPrivileged";
};
// Permissions for code loaded from anywhere under ${jetty.home}/lib
// ("/-" in a codeBase URL matches the directory recursively).
grant codeBase "file:${jetty.home}/lib/-"
{
// Socket access on the loopback names and the wildcard address for ports
// 1-65536. 65536 is one above the highest valid port number (65535).
// "listen"/"accept" are granted on localhost and 0.0.0.0 but not on 127.0.0.1.
permission java.net.SocketPermission "localhost:1-65536", "connect,accept,listen,resolve";
permission java.net.SocketPermission "0.0.0.0:1-65536", "connect,accept,listen,resolve";
permission java.net.SocketPermission "127.0.0.1:1-65536", "connect,accept,resolve";
// Read AND write on every system property. Write access lets this code change
// JVM-wide settings that other code reads.
permission java.util.PropertyPermission "*", "read, write";
// Read access to the whole ${jetty.home} tree.
permission java.io.FilePermission "${jetty.home}${/}-", "read";
// "*" = files directly inside logs/ only, not subdirectories.
permission java.io.FilePermission "${jetty.home}${/}logs${/}*", "read,write,delete";
// "execute" allows starting programs located under cgi-bin/ (recursively).
permission java.io.FilePermission "${jetty.home}${/}cgi-bin${/}-", "read,execute";
permission java.io.FilePermission "${java.io.tmpdir}/-", "read,write,delete";
// Allows registering a security provider named SunJSSE and setting its properties.
permission java.security.SecurityPermission "putProviderProperty.SunJSSE";
permission java.security.SecurityPermission "insertProvider.SunJSSE";
// Allows creating a LoginContext for the JAAS configuration entry named "jdbc".
permission javax.security.auth.AuthPermission "createLoginContext.jdbc";
// createClassLoader is among the most powerful runtime permissions: code that
// can create a class loader can define classes in a protection domain of its
// choosing. Treat every jar under lib/ as fully trusted.
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setContextClassLoader";
// Reflection access to the declared (including non-public) members of classes.
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "shutdownHooks";
// Access to JDK-internal sun.tools.* packages.
// NOTE(review): presumably needed by the JSP compiler - confirm.
permission java.lang.RuntimePermission "accessClassInPackage.sun.tools.*";
// Allows replacing System.in, System.out and System.err for the whole JVM.
permission java.lang.RuntimePermission "setIO";
};
// Permissions for code loaded from anywhere under ${jetty.home}/ext.
grant codeBase "file:${jetty.home}/ext/-"
{
// Allows replacing System.in, System.out and System.err for the whole JVM.
permission java.lang.RuntimePermission "setIO";
// Hard-coded /tmp rather than ${java.io.tmpdir} as used elsewhere in this
// file; the two differ when the JVM temp directory is relocated.
// "/tmp/-" (recursive) already includes everything "/tmp/*" matches.
permission java.io.FilePermission "/tmp/*", "read,write,delete";
permission java.io.FilePermission "/tmp/-", "read,write,delete";
};
// Permissions for the JAAS integration jar only (a single-file codeBase).
grant codeBase "file:${jetty.home}/extra/lib/org.mortbay.jaas.jar"
{
// Create a LoginContext for the JAAS configuration entry named "jdbc".
permission javax.security.auth.AuthPermission "createLoginContext.jdbc";
// Change the Principal set and the private credential set of a Subject.
// Keep these confined to this jar: code holding them can alter the identity
// an authenticated Subject carries.
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
};
// Permissions specific to a particular web application
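// Permissions for classes of the JAAS demo webapp (WEB-INF/classes, recursive).
// codeBase is a URL and always uses "/"; the stray "$" in "jaas$/WEB-INF" is
// not a property reference and kept this entry from matching the webapp's
// classes, so it is written as a plain "/" here.
// NOTE(review): the unscoped grant at the top of this file appears to give the
// same three permissions to all code already - confirm before relying on this
// block as the webapp's only grant.
grant codeBase "file:${install.dir}/demo/webapps/jaas/WEB-INF/classes/-"
{
// Read access to the webapp's own directory tree.
permission java.io.FilePermission "${install.dir}${/}demo${/}webapps${/}jaas${/}-", "read";
// Read/write/delete below the JVM temp directory.
permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";
// Lets the webapp retrieve the installed Policy object.
permission java.security.SecurityPermission "getPolicy";
};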
// for test
// Principal-based grant: applies to code running on behalf of a Subject that
// holds an org.mortbay.jaas.JAASPrincipal named "me", whatever its codeBase.
grant Principal org.mortbay.jaas.JAASPrincipal "me" {
// "mySecurityPermission" is not a target name defined by the JDK.
// NOTE(review): appears to be an arbitrary marker the demo checks for - confirm.
permission java.security.SecurityPermission "mySecurityPermission";
};