geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Hogstrom <m...@hogstrom.org>
Subject Re: Security Policy
Date Fri, 10 Feb 2006 21:39:36 GMT
Cristian,

No apologies.  This is good feedback as I think we can use as much 
administrative feedback as possible.

Cristian Roldan wrote:
> Hi All,
>           I  enabled the Security Manager with these parameters "-Djava.security.manager
-Djava.security.policy=geronimo.policy",
> everything works ok, but the only problem that  I saw was with the Application identification
(number) , if you deploy
> an application, Generimo creates a directory config-store/[NUMBER], you must use this
number in the policy file, after a while 
> you undeploy and deploy a new version of that application in this case you obtain a new
number, so you must change the policy file.
> I think that using a [number] as a deployment directory is not the best solution from
the administration perspective. 
> I'm sorry I just give an opinion from the administration point of view maybe there is
a design/performace reason that I can't see.
> 
>    
>   // --------------------------------------------------------------------------------------
> // Permissions for Geronimo V.1.0
> // --------------------------------------------------------------------------------------
>   // Geronimo gets all permissions
> grant codeBase "file:${org.apache.geronimo.base.dir}/lib/-" {
>   permission java.security.AllPermission;
> };
>   grant codeBase "file:${org.apache.geronimo.base.dir}/repository/-" {
>   permission java.security.AllPermission;
> };
>   //----------------------------------------------------------------------
> // From here I set the minimun permissions for my Applications
> // You must change "23" for you Application number, this number is created
> // during deployment phase.
> //----------------------------------------------------------------------
>   grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/23/-" {
>   permission java.lang.RuntimePermission "accessClassInPackage.*";
> };
>   // ---------------------------------------------------------------------
>   grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/1/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/2/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/3/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/4/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/5/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/6/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/7/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/8/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/9/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/10/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/11/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/12/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/13/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/14/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/15/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/16/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/17/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/18/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/19/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/20/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/21/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/22/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/24/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/25/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/26/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/27/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/28/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/29/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/30/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/31/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/32/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/33/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/34/-" {
>   permission java.security.AllPermission;
> };
> grant codeBase "file:${org.apache.geronimo.base.dir}/config-store/35/-" {
>   permission java.security.AllPermission;
> };
>   
>  
> 
> 		
> ---------------------------------
>  1GB gratis, Antivirus y Antispam
>  Correo Yahoo!, el mejor correo web del mundo
>  Abrí tu cuenta aquí

Mime
View raw message