Permalink
Browse files

#3950 added extra policy config to allow core JMX features to work

  • Loading branch information...
1 parent 5142209 commit 2dacc447c9e2f35c3f5e0b0122d93665a95e4204 @ddossot ddossot committed Nov 5, 2013
Showing with 11 additions and 5 deletions.
  1. +11 −5 src/misc/catalina.policy
View
@@ -246,32 +246,41 @@ grant codeBase "file:${catalina.home}/webapps/manager/-" {
// ========== RSB CODE PERMISSIONS =========================================
+grant {
+ permission java.lang.management.ManagementPermission "monitor";
+ permission java.net.SocketPermission "*", "resolve";
+ permission java.util.PropertyPermission "*", "read";
+ permission javax.management.MBeanPermission "*", "getMBeanInfo,isInstanceOf,queryNames,queryMBeans,getAttribute,addNotificationListener";
+};
grant codeBase "file:${catalina.home}/webapps/rsb/-" {
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "getenv.spring.liveBeansView.mbeanDomain";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "getFileSystemAttributes";
+ permission java.lang.RuntimePermission "getProtectionDomain";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
- permission java.util.PropertyPermission "*", "read";
permission java.util.PropertyPermission "eu.openanalytics.rsb.config.Configuration", "write";
permission java.util.PropertyPermission "org.apache.*", "write";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
permission java.net.SocketPermission "localhost:*", "listen,connect,accept,resolve";
permission java.net.SocketPermission "127.0.1.1:*", "listen,connect,accept,resolve";
- permission java.net.SocketPermission "*", "resolve";
+
+ permission java.security.SecurityPermission "createAccessControlContext";
+ permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.management.MBeanServerPermission "findMBeanServer";
permission javax.management.MBeanServerPermission "createMBeanServer";
permission javax.management.MBeanTrustPermission "register";
permission javax.management.MBeanPermission "*", "registerMBean,unregisterMBean,invoke";
+ permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.*";
permission javax.xml.ws.WebServicePermission "*";
};
@@ -289,19 +298,16 @@ grant codeBase "file:${catalina.home}/webapps/rservi/-" {
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
- permission java.util.PropertyPermission "*", "read";
permission java.util.PropertyPermission "java.rmi.server.codebase", "write";
permission java.util.PropertyPermission "java.rmi.server.hostname", "write";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
permission java.net.SocketPermission "localhost:*", "listen,connect,accept,resolve";
permission java.net.SocketPermission "127.0.1.1:*", "listen,connect,accept,resolve";
- permission java.net.SocketPermission "*", "resolve";
permission javax.management.MBeanServerPermission "createMBeanServer";
permission javax.management.MBeanServerPermission "createMBeanServer";
permission javax.management.MBeanTrustPermission "register";
permission javax.management.MBeanPermission "*", "registerMBean,unregisterMBean,invoke";
};
-

0 comments on commit 2dacc44

Please sign in to comment.