river-dev mailing list archives

From Peter <j...@zeus.net.au>
Subject Re: Tools to make life easier for new users.
Date Wed, 06 Apr 2016 19:30:07 GMT
Greg, the message I got from you previously was you wanted tools to make life easier for new
developers, that you weren't concerned about security as your code ran behind the firewall
on local networks?

I'm trying to find common ground with you, to salvage what's left of the project.

It would be relatively simple to modify the tool, to allow a user developer to approve or
disapprove permission calls.  But if you don't like it, what do you want?  Tell us your goals,
inspire us.

Deserialization gadget attacks, google it, our security model is broken.  Our cyphers are
out of date, attackers can use them to steal your keys.  We must be honest with our users,
river is presently insecure.

One of my disappointments was not doing enough to fix security.

Are we living in fear of change?  

Peter.

Sent from my Samsung device.
 
  Include original message
---- Original message ----
From: Greg Trasuk <trasukg@stratuscom.com>
Sent: 07/04/2016 03:50:55 am
To: dev@river.apache.org
Subject: Re: Tools to make life easier for new users.


I don’t know - personally I don’t like the idea of just running a program and hoping it doesn’t do anything malicious.   By using a tool like this, you’re basically running the system unprotected for some period of time, to find out what permissions are needed.


When I was writing the Harvester container, I toyed with having the application provide a file that lists its “required” security permissions.  I ended up rejecting the idea, because the real question was what permissions the container owner wanted to allow, not what the application wanted to use.


Unpleasant as it is, I think it’s probably best to lock down the security manager, then when the app throws a security exception, you make a decision as to whether you want to open up that permission, or whether you want to give up on running that app.  Ditto with a proxy - start with granting as few permissions as possible after Proxy verification, and then if you see failures, make a decision.


In passing, a while ago I investigated the deserialization flaws that everyone was excited about.  I verified that with the proper classloader and security setup, a proxy is loaded into a zero-privilege environment.  So for instance, it isn’t possible to call System.setSecurityManager(…) in a proxy’s constructor or unmarshalling code.  I didn’t look deeply into whether it was possible to return a malicious class from a remote method call, but I don’t see any reason to think the unmarshalling would be significantly different.  Wouldn’t want to say conclusively without further investigation, though.



Cheers, 

Greg Trasuk 

> On Apr 6, 2016, at 8:14 AM, Peter <jini@zeus.net.au> wrote: 
>  
> Example of security policy generation.  In this case I didn't have aliases for the JCE provider certs, but you get the picture, you'll note it also includes whatever Principals your code is running with.

>  
> You run your program, use each process and the permission required will be generated into a policy file.  It conforms to least privilege principles:

>  
> grant signedBy "null,null", codebase "file:/C:/Program%20Files/Java/jdk1.8.0/jre/lib/ext/sunjce_provider.jar"

> { 
>    permission java.security.SecurityPermission "putProviderProperty.SunJCE"; 
> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-lib.jar"

> { 
>    permission org.apache.river.thread.ThreadPoolPermission "getSystemThreadPool";

>    permission java.net.SocketPermission "medusa", "resolve"; 
>    permission java.lang.RuntimePermission "getClassLoader"; 
>    permission java.lang.RuntimePermission "modifyThread"; 
>    permission java.lang.RuntimePermission "modifyThreadGroup"; 
>    permission java.lang.RuntimePermission "setContextClassLoader"; 
>    permission java.lang.RuntimePermission "shutdownHooks"; 
> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US", 
>    principal javax.security.auth.x500.X500Principal "CN=serverRSA", 
>    principal TestUtilities.TestPrincipal "testServer" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US", 
>    principal javax.security.auth.x500.X500Principal "CN=serverRSA", 
>    principal TestUtilities.TestPrincipal "testServer" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTwork/classes/net/jini/jeri/ssl/UnitTests/",

>    principal javax.security.auth.x500.X500Principal "CN=serverRSA2" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA2\"", "listen";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US" 
> { 
>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=clientDSA" 
> { 
>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US", 
>    principal javax.security.auth.x500.X500Principal "CN=serverRSA", 
>    principal TestUtilities.TestPrincipal "testServer" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US", 
>    principal javax.security.auth.x500.X500Principal "CN=serverRSA", 
>    principal TestUtilities.TestPrincipal "testServer" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Program%20Files/jtreg-4.1-bin-b05_29_nov_2012/jtreg/lib/javatest.jar"

> { 
>    permission java.lang.RuntimePermission "exitVM.97"; 
> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTwork/classes/net/jini/jeri/ssl/UnitTests/",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US", 
>    principal javax.security.auth.x500.X500Principal "CN=serverRSA", 
>    principal TestUtilities.TestPrincipal "testServer" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverRSA2" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA2\"", "listen";

>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US", 
>    principal javax.security.auth.x500.X500Principal "CN=serverRSA", 
>    principal TestUtilities.TestPrincipal "testServer" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US" 
> { 
>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar"

> { 
>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US", 
>    principal javax.security.auth.x500.X500Principal "CN=serverRSA", 
>    principal TestUtilities.TestPrincipal "testServer" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US", 
>    principal javax.security.auth.x500.X500Principal "CN=serverRSA", 
>    principal TestUtilities.TestPrincipal "testServer" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US", 
>    principal javax.security.auth.x500.X500Principal "CN=serverRSA", 
>    principal TestUtilities.TestPrincipal "testServer" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant signedBy "null,null", codebase "file:/C:/Program%20Files/Java/jdk1.8.0/jre/lib/ext/sunec.jar"

> { 
>    permission java.security.SecurityPermission "putProviderProperty.SunEC"; 
>    permission java.io.FilePermission "C:\Program%20Files\Java\jdk1.8.0\jre\lib\ext\sunec.dll", "read";

>    permission java.io.FilePermission "C:\Program%20Files\Java\jdk1.8.0\jre\lib\ext\x86\sunec.dll", "read";

>    permission java.lang.RuntimePermission "accessClassInPackage.sun.security.action";

>    permission java.lang.RuntimePermission "accessClassInPackage.sun.security.util";

>    permission java.lang.RuntimePermission "loadLibrary.sunec"; 
> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar"

> { 
>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTwork/classes/net/jini/jeri/ssl/UnitTests/",

>    principal javax.security.auth.x500.X500Principal "CN=serverRSA2" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA2\"", "listen";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTwork/classes/net/jini/jeri/ssl/UnitTests/",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US", 
>    principal javax.security.auth.x500.X500Principal "CN=serverRSA", 
>    principal TestUtilities.TestPrincipal "testServer" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTwork/classes/net/jini/jeri/ssl/UnitTests/",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US", 
>    principal javax.security.auth.x500.X500Principal "CN=serverRSA", 
>    principal TestUtilities.TestPrincipal "testServer" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar"

> { 
>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTwork/classes/net/jini/jeri/ssl/UnitTests/",

>    principal javax.security.auth.x500.X500Principal "CN=serverRSA" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverRSA2" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA2\"", "listen";

>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=clientDSA" 
> { 
>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US", 
>    principal javax.security.auth.x500.X500Principal "CN=serverRSA", 
>    principal TestUtilities.TestPrincipal "testServer" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US" 
> { 
>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTwork/classes/net/jini/jeri/ssl/UnitTests/",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US", 
>    principal javax.security.auth.x500.X500Principal "CN=serverRSA", 
>    principal TestUtilities.TestPrincipal "testServer" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=clientDSA" 
> { 
>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTwork/classes/net/jini/jeri/ssl/UnitTests/",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US", 
>    principal javax.security.auth.x500.X500Principal "CN=serverRSA", 
>    principal TestUtilities.TestPrincipal "testServer" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverRSA2" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA2\"", "listen";

>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTwork/classes/net/jini/jeri/ssl/UnitTests/"

> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=clientRSA1,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=clientRSA2\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA2\"", "listen";

>    permission java.security.SecurityPermission "getPolicy"; 
>    permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; 
>    permission java.util.PropertyPermission "*", "read,write"; 
>    permission javax.security.auth.AuthPermission "doAs"; 
>    permission javax.security.auth.AuthPermission "doAsPrivileged"; 
>    permission javax.security.auth.AuthPermission "modifyPrincipals"; 
>    permission javax.security.auth.AuthPermission "modifyPrivateCredentials"; 
>    permission javax.security.auth.AuthPermission "modifyPublicCredentials"; 
>    permission javax.security.auth.AuthPermission "setReadOnly"; 
>    permission java.io.FilePermission "C:\Users\peter\Documents\NetBeansProjects\river-internet\qa\jtreg\net\jini\jeri\ssl\UnitTests\keystore", "read";

>    permission java.net.SocketPermission "localhost:0", "listen,resolve"; 
>    permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.x500.X500PrivateCredential", "read";

>    permission javax.security.auth.PrivateCredentialPermission "sun.security.provider.DSAPrivateKey", "read";

>    permission java.lang.RuntimePermission "accessDeclaredMembers"; 
>    permission java.lang.RuntimePermission "getProtectionDomain"; 
> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US" 
> { 
>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTwork/classes/net/jini/jeri/ssl/UnitTests/",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US", 
>    principal javax.security.auth.x500.X500Principal "CN=serverRSA", 
>    principal TestUtilities.TestPrincipal "testServer" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar",

>    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US" 
> { 
>    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTwork/classes/net/jini/jeri/ssl/UnitTests/",

>    principal javax.security.auth.x500.X500Principal "CN=serverRSA2" 
> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA2\"", "listen";

> }; 
>  
> grant codebase "file:/C:/Users/peter/Documents/NetBeansProjects/river-internet/qa/jtreg/JTlib-tmp/jsk-platform.jar"

> { 
>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=clientRSA1,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=clientRSA2\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverDSA,C=US\"", "listen";

>    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";

>    permission java.security.SecurityPermission "createAccessControlContext"; 
>    permission java.security.SecurityPermission "getDomainCombiner"; 
>    permission java.security.SecurityPermission "getPolicy"; 
>    permission java.security.SecurityPermission "getProperty.auth.policy.provider";

>    permission java.security.SecurityPermission "getProperty.jdk.certpath.disabledAlgorithms";

>    permission java.security.SecurityPermission "getProperty.jdk.tls.disabledAlgorithms";

>    permission java.security.SecurityPermission "getProperty.keystore.type"; 
>    permission java.security.SecurityPermission "getProperty.ssl.KeyManagerFactory.algorithm";

>    permission java.security.SecurityPermission "getProperty.ssl.SocketFactory.provider";

>    permission java.security.SecurityPermission "getProperty.ssl.TrustManagerFactory.algorithm";

>    permission java.security.SecurityPermission "putProviderProperty.SUN"; 
>    permission java.security.SecurityPermission "putProviderProperty.SunEC"; 
>    permission java.security.SecurityPermission "putProviderProperty.SunJCE"; 
>    permission java.util.logging.LoggingPermission "control"; 
>    permission org.apache.river.discovery.internal.EndpointInternalsPermission "set";

>    permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; 
>    permission java.util.PropertyPermission "*", "read,write"; 
>    permission org.apache.river.thread.ThreadPoolPermission "getSystemThreadPool";

>    permission javax.security.auth.AuthPermission "doAs"; 
>    permission javax.security.auth.AuthPermission "doAsPrivileged"; 
>    permission javax.security.auth.AuthPermission "getSubject"; 
>    permission javax.security.auth.AuthPermission "getSubjectFromDomainCombiner";

>    permission javax.security.auth.AuthPermission "modifyPrincipals"; 
>    permission javax.security.auth.AuthPermission "modifyPrivateCredentials"; 
>    permission javax.security.auth.AuthPermission "modifyPublicCredentials"; 
>    permission javax.security.auth.AuthPermission "setReadOnly"; 
>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\bin\net.dll", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\bin\sunec.dll", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\classes", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\lib", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\lib\charsets.jar", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\lib\ext\cldrdata.jar", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\lib\ext\localedata.jar", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\lib\ext\sunec.jar", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\lib\ext\sunjce_provider.jar", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\lib\ext\sunmscapi.jar", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\lib\ext\sunpkcs11.jar", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\lib\jce.jar", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\lib\jfr.jar", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\lib\jsse.jar", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\lib\logging.properties", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\lib\management\usagetracker.properties", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\lib\meta-index", "read";

>    permission java.io.FilePermission "C:\Program Files\Java\jdk1.8.0\jre\lib\resources.jar", "read";
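
The generated policy quoted above repeats identical grant blocks and mixes narrow grants with broad ones, which is where Greg's point applies: the container owner still has to decide what to allow. The following is an added example, not part of the thread or of River's tooling; it merges duplicate grants and lists broad permissions for a manual decision. The sample policy, its `/opt/app` paths and the `RISKY` list are constructed assumptions.

```python
import re
from collections import OrderedDict

# Constructed sample in the style of the generated policy quoted above.
# The /opt/app paths are placeholders, not paths from the thread.
SAMPLE_POLICY = r'''
grant codebase "file:/opt/app/lib/jsk-platform.jar",
    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US"
{
    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";
};
grant codebase "file:/opt/app/lib/jsk-platform.jar",
    principal javax.security.auth.x500.X500Principal "CN=serverDSA,C=US"
{
    permission java.util.PropertyPermission "org.apache.river.jeri.ssl.maxServerSessionDuration", "read";
};
grant codebase "file:/opt/app/classes/"
{
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.util.PropertyPermission "*", "read,write";
    permission java.net.SocketPermission "localhost:0", "listen,resolve";
    permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=serverRSA\"", "listen";
};
'''

STRING = r'"(?:[^"\\]|\\.)*"'   # quoted string, backslash escapes allowed
GRANT_RE = re.compile(r'grant\b((?:[^{"]|%s)*)\{((?:[^}"]|%s)*)\}\s*;' % (STRING, STRING))
PERM_RE = re.compile(r'permission\s+([\w.$]+)((?:\s*,?\s*%s)*)\s*;' % STRING)

# Reviewer's starting list (an assumption of this example, extend as needed):
# targets that let code sidestep the sandbox or act with another identity.
RISKY = {
    ("java.lang.reflect.ReflectPermission", "suppressAccessChecks"),
    ("java.lang.RuntimePermission", "createClassLoader"),
    ("java.lang.RuntimePermission", "setSecurityManager"),
    ("java.security.SecurityPermission", "createAccessControlContext"),
    ("javax.security.auth.AuthPermission", "doAsPrivileged"),
}

def parse_policy(text):
    """Merge grants sharing signer, codebase and principals; drop repeated permissions."""
    merged = OrderedDict()
    for head, body in GRANT_RE.findall(text):
        signed = re.search(r'(?i)signedBy\s+(%s)' % STRING, head)
        code = re.search(r'(?i)codebase\s+(%s)' % STRING, head)
        principals = tuple(sorted(re.findall(r'principal\s+([\w.$]+)\s+(%s)' % STRING, head)))
        key = (signed.group(1) if signed else None, code.group(1) if code else None, principals)
        perms = merged.setdefault(key, [])
        for cls, args in PERM_RE.findall(body):
            perm = (cls, tuple(re.findall(STRING, args)))
            if perm not in perms:
                perms.append(perm)
    return merged

def is_risky(cls, args):
    name = args[0][1:-1] if args else None
    actions = args[1][1:-1] if len(args) > 1 else ""
    if cls == "java.security.AllPermission" or (cls, name) in RISKY:
        return True
    if cls == "java.util.PropertyPermission":
        return name == "*" and "write" in actions
    return cls == "java.io.FilePermission" and name == "<<ALL FILES>>"

def findings(merged):
    """(codebase, permission class, arguments) for every grant needing a human decision."""
    return [(key[1], cls, args) for key, perms in merged.items()
            for cls, args in perms if is_risky(cls, args)]

def render(merged):
    """Write the merged policy back out in policy-file syntax."""
    out = []
    for (signed, code, principals), perms in merged.items():
        head = (["signedBy " + signed] if signed else []) + (["codebase " + code] if code else [])
        head += ["principal %s %s" % p for p in principals]
        out.append("grant " + ",\n    ".join(head) + "\n{")
        out += ["    permission %s%s;" % (c, " " + ", ".join(a) if a else "") for c, a in perms]
        out.append("};\n")
    return "\n".join(out)

if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    print(render(policy))
    for codebase, cls, args in findings(policy):
        print("REVIEW", codebase, cls, ", ".join(args))
```
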


