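// Example permissions for JAAS demo
//
// For JSPs, you may need to set:
//  + read,write,delete FilePermission for the scratchDir setting for JASPER
//
// If you have set the "javax.servlet.context.tempdir" attribute of the webapp
// context, you will need to add read,write,delete FilePermissions for this directory.
//
// To run the JAAS demo, cd $jetty.home/extra/plus and type ant run.jaas.demo
//
// Review notes:
//  - This is a demo policy. Several grants below are much broader than a
//    production deployment should carry; each is flagged where it appears.
//  - The Java Security Manager that enforces this file is deprecated for removal
//    as of Java 17 (JEP 411). On newer runtimes, do not rely on it as the only
//    isolation boundary between the container and webapp code.

// Unconditional grant: no codeBase, signedBy or Principal clause, so every
// permission in this block applies to ALL code, including any deployed webapp.
// Keep this block as small as possible.
grant {
    // Read access to every system property, for all code.
    permission java.util.PropertyPermission "*", "read";

    // Read access to the installation tree. The recursive
    // "${install.dir}/../../-" entry further down already implies the
    // etc, lib and ext entries listed before it.
    permission java.io.FilePermission "${install.dir}/../..", "read";
    permission java.io.FilePermission "${install.dir}/../../etc", "read";
    permission java.io.FilePermission "${install.dir}/../../etc/-", "read";
    permission java.io.FilePermission "${install.dir}/../../lib/-", "read";
    permission java.io.FilePermission "${install.dir}/../../ext/-", "read";
    permission java.io.FilePermission "${install.dir}/../../ext", "read";
    // NOTE(review): everything under the install root is readable by all code,
    // which includes etc/ (configuration, possibly credentials). Confirm this
    // is acceptable.
    permission java.io.FilePermission "${install.dir}/../../-", "read";

    // JDK and system library locations.
    permission java.io.FilePermission "/usr/share/java/-", "read";
    permission java.io.FilePermission "${jdk.home}${/}lib${/}-", "read";
    permission java.io.FilePermission "${jdk.home}${/}jre${/}lib${/}-", "read";

    // Shared temp directory: any code can read, overwrite or delete files that
    // other code placed there.
    permission java.io.FilePermission "${java.io.tmpdir}", "read,write,delete";
    permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";

    permission java.io.FilePermission "${jetty.home}/logs/log4j.log", "write";

    // NOTE(review): the "execute" action lets code run files in work/ through
    // Runtime.exec, and it is granted to all code together with "write".
    // "delete" is not granted. Confirm that "execute" is intended here.
    permission java.io.FilePermission "${jetty.home}${/}work${/}*", "read,write,execute";

    // getPolicy exposes the installed Policy object to all code.
    // doAsPrivileged lets any code call Subject.doAsPrivileged.
    permission java.security.SecurityPermission "getPolicy";
    permission javax.security.auth.AuthPermission "doAsPrivileged";
};

// Permissions for the Jetty container jars.
grant codeBase "file:${jetty.home}/lib/-" {
    // Upper bound corrected from 65536 to 65535, the highest valid port.
    permission java.net.SocketPermission "localhost:1-65535", "connect,accept,listen,resolve";
    permission java.net.SocketPermission "0.0.0.0:1-65535", "connect,accept,listen,resolve";
    permission java.net.SocketPermission "127.0.0.1:1-65535", "connect,accept,resolve";

    // Write access to every system property.
    permission java.util.PropertyPermission "*", "read, write";

    permission java.io.FilePermission "${jetty.home}${/}-", "read";
    permission java.io.FilePermission "${jetty.home}${/}logs${/}*", "read,write,delete";
    // Read plus execute on everything under cgi-bin. Keep that directory
    // writable only by administrators.
    permission java.io.FilePermission "${jetty.home}${/}cgi-bin${/}-", "read,execute";
    permission java.io.FilePermission "${java.io.tmpdir}/-", "read,write,delete";

    // Registration and configuration of the SunJSSE security provider.
    permission java.security.SecurityPermission "putProviderProperty.SunJSSE";
    permission java.security.SecurityPermission "insertProvider.SunJSSE";

    permission javax.security.auth.AuthPermission "createLoginContext.jdbc";

    // createClassLoader and accessDeclaredMembers are high-privilege: code that
    // holds createClassLoader can define classes in protection domains of its
    // own choosing. That is needed by a servlet container, but must never be
    // extended to webapp code.
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission "setContextClassLoader";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.tools.*";
    // setIO allows replacing System.in, System.out and System.err.
    permission java.lang.RuntimePermission "setIO";
};

// Permissions for jars in the ext directory.
grant codeBase "file:${jetty.home}/ext/-" {
    permission java.lang.RuntimePermission "setIO";
    // "/tmp/-" (recursive) already implies "/tmp/*". Both are hard-coded
    // rather than using ${java.io.tmpdir} as the other grants do.
    permission java.io.FilePermission "/tmp/*", "read,write,delete";
    permission java.io.FilePermission "/tmp/-", "read,write,delete";
};

// Permissions for the JAAS integration jar: it creates the "jdbc" login context
// and may modify a Subject's principals and private credentials.
grant codeBase "file:${jetty.home}/extra/lib/org.mortbay.jaas.jar" {
    permission javax.security.auth.AuthPermission "createLoginContext.jdbc";
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
};

// Permissions specific to a particular web application
//
// The codeBase originally read ".../webapps/jaas$/WEB-INF/classes/-". A lone
// "$" is not a property reference, so as written the URL would not name the
// webapp's classes directory and this grant would not apply. Corrected to a
// plain "/" (codeBase values are URLs and always use forward slashes). The
// three permissions below are also present in the unconditional grant at the
// top, so the correction does not widen what the webapp can already do.
grant codeBase "file:${install.dir}/demo/webapps/jaas/WEB-INF/classes/-" {
    permission java.io.FilePermission "${install.dir}${/}demo${/}webapps${/}jaas${/}-", "read";
    permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";
    permission java.security.SecurityPermission "getPolicy";
};

// for test
// Principal-based grant: applies only to code running as a Subject that holds
// the JAASPrincipal named "me".
grant Principal org.mortbay.jaas.JAASPrincipal "me" {
    permission java.security.SecurityPermission "mySecurityPermission";
};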