geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vamsavardhana Reddy <c1vams...@gmail.com>
Subject Re: Security Policy
Date Mon, 13 Feb 2006 06:08:38 GMT
When does one require to run the server under a Security Manager?

Thanks,
Vamsi

On 2/11/06, Matt Hogstrom <matt@hogstrom.org> wrote:
>
> Cristian,
>
> No apologies.  This is good feedback as I think we can use as much
> administrative feedback as possible.
>
> Cristian Roldan wrote:
> > Hi All,
> >           I  enabled the Security Manager with these parameters "-
> Djava.security.manager -Djava.security.policy=geronimo.policy",
> > everything works ok, but the only problem that  I saw was with the
> Application identification (number) , if you deploy
> > an application, Generimo creates a directory config-store/[NUMBER], you
> must use this number in the policy file, after a while
> > you undeploy and deploy a new version of that application in this case
> you obtain a new number, so you must change the policy file.
> > I think that using a [number] as a deployment directory is not the best
> solution from the administration perspective.
> > I'm sorry I just give an opinion from the administration point of view
> maybe there is a design/performace reason that I can't see.
> >
> >
> >   //
> --------------------------------------------------------------------------------------
> > // Permissions for Geronimo V.1.0
> > //
> --------------------------------------------------------------------------------------
> >   // Geronimo gets all permissions
> > grant codeBase "file:${org.apache.geronimo.base.dir}/lib/-" {
> >   permission java.security.AllPermission;
> > };
> >   grant codeBase "file:${org.apache.geronimo.base.dir}/repository/-" {
> >   permission java.security.AllPermission;
> > };
> >
> //----------------------------------------------------------------------
> > // From here I set the minimun permissions for my Applications
> > // You must change "23" for you Application number, this number is
> created
> > // during deployment phase.
> > //----------------------------------------------------------------------
> >   grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/23/-"
> {
> >   permission java.lang.RuntimePermission "accessClassInPackage.*";
> > };
> >   //
> ---------------------------------------------------------------------
> >   grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/1/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/2/-" {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/3/-" {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/4/-" {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/5/-" {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/6/-" {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/7/-" {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/8/-" {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/9/-" {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/10/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/11/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/12/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/13/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/14/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/15/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/16/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/17/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/18/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/19/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/20/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/21/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/22/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/24/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/25/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/26/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/27/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/28/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/29/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/30/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/31/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/32/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/33/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/34/-"
> {
> >   permission java.security.AllPermission;
> > };
> > grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/35/-"
> {
> >   permission java.security.AllPermission;
> > };
> >
> >
> >
> >
> > ---------------------------------
> >  1GB gratis, Antivirus y Antispam
> >  Correo Yahoo!, el mejor correo web del mundo
> >  Abrí tu cuenta aquí
>

Mime
View raw message