/* * grant { * * permission java.security.SecurityPermission * "setProperty.net.jini.security.policy.*"; * }; */ grant codebase "file:${org.apache.river.jsk.home}${/}lib${/}jsk-platform.jar" { permission java.security.AllPermission "", ""; }; grant codebase "file:${org.apache.river.jsk.home}${/}lib${/}jsk-lib.jar" { permission java.security.AllPermission "", ""; }; grant codebase "file:${org.apache.river.jsk.home}${/}lib${/}jini-ext.jar" { permission java.security.AllPermission "", ""; }; grant codebase "file:${org.apache.river.qa.harness.harnessJar}" { permission net.jini.security.GrantPermission "java.security.AllPermission \"\", \"\""; }; grant codebase "file:${org.apache.river.qa.home}${/}lib${/}qa1-jini-latest.jar" { permission net.jini.security.GrantPermission "java.security.AllPermission \"\", \"\""; }; grant codebase "file:${org.apache.river.qa.harness.harnessJar}" principal javax.security.auth.x500.X500Principal "CN=Tester" { // Allow dynamic grants permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.x500.X500Principal \\\"CN=Tester\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=Tester\"", "connect,accept"; // needed to allow the discovery protocol simulator to talk to the lookup simulator permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.x500.X500Principal \\\"CN=Reggie\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=Reggie\"", "connect,accept"; permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.kerberos.KerberosPrincipal \\\"${test}\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${test}\"", "connect,accept"; permission java.lang.RuntimePermission "enableContextClassLoaderOverride"; }; grant codebase "file:${org.apache.river.qa.harness.harnessJar}" principal javax.security.auth.kerberos.KerberosPrincipal "${test}" { // Allow dynamic grants permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.kerberos.KerberosPrincipal \\\"${test}\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${test}\"", "connect,accept"; // needed to allow the discovery protocol simulator to talk to the lookup simulator permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.kerberos.KerberosPrincipal \\\"${reggie}\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${reggie}\"", "connect,accept"; permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.kerberos.KerberosPrincipal \\\"${test}\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${test}\"", "connect,accept"; permission java.lang.RuntimePermission "enableContextClassLoaderOverride"; }; grant codebase "file:${org.apache.river.qa.harness.harnessJar}" principal javax.security.auth.x500.X500Principal "CN=Reggie" { permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=Reggie\"", "connect,accept"; permission java.security.SecurityPermission "getProperty.net.jini.security.policy.*"; permission net.jini.io.context.ContextPermission "net.jini.io.context.ClientSubject.getClientSubject"; }; grant codebase "file:${org.apache.river.qa.harness.harnessJar}" principal javax.security.auth.kerberos.KerberosPrincipal "${reggie}" { permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${reggie}\"", "connect,accept"; permission java.security.SecurityPermission "getProperty.net.jini.security.policy.*"; }; grant codebase "file:${org.apache.river.qa.harness.harnessJar}" principal javax.security.auth.x500.X500Principal "CN=Mahalo" { permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=Mahalo\"", "connect,accept"; }; grant codebase "file:${org.apache.river.qa.harness.harnessJar}" principal javax.security.auth.kerberos.KerberosPrincipal "${mahalo}" { permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${mahalo}\"", "connect,accept"; }; grant codebase "file:${org.apache.river.qa.home}${/}lib${/}harness.jar" { // Allow dynamic grants permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.x500.X500Principal \\\"CN=Tester\\\"\", \"connect\""; permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.kerberos.KerberosPrincipal \\\"${test}\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=Tester\"", "connect,accept"; permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${test}\"", "connect,accept"; }; grant codebase "file:${org.apache.river.qa.home}${/}lib${/}qa1-start-tests.jar" { // Allow dynamic grants permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.x500.X500Principal \\\"CN=Tester\\\"\", \"connect\""; permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.kerberos.KerberosPrincipal \\\"${test}\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=Tester\"", "connect,accept"; permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${test}\"", "connect,accept"; }; //NOTE: temporarily use lower case principal names for the discovery // principal names, due to canonicalization performed when the // discovery packets are encoded // just in case grant principal javax.security.auth.x500.X500Principal "CN=tester" { permission net.jini.security.AccessPermission "multicastRequest"; }; grant principal javax.security.auth.x500.X500Principal "CN=Tester" { permission net.jini.security.AccessPermission "unicastDiscovery"; }; grant principal javax.security.auth.x500.X500Principal "CN=Norm" { permission net.jini.security.AccessPermission "notify"; permission net.jini.security.AccessPermission "renew"; permission net.jini.security.AccessPermission "renewAll"; permission net.jini.security.AccessPermission "cancel"; permission net.jini.security.AccessPermission "cancelAll"; permission net.jini.security.AccessPermission "getProxyVerifier"; permission net.jini.security.AccessPermission "unicastDiscovery"; }; grant principal javax.security.auth.x500.X500Principal "CN=norm" { permission net.jini.security.AccessPermission "multicastRequest"; }; grant principal javax.security.auth.x500.X500Principal "CN=Fiddler" { permission net.jini.security.AccessPermission "getProxyVerifier"; permission net.jini.security.AccessPermission "notify"; permission net.jini.security.AccessPermission "unicastDiscovery"; }; grant principal javax.security.auth.x500.X500Principal "CN=fiddler" { permission net.jini.security.AccessPermission "multicastRequest"; }; grant principal javax.security.auth.x500.X500Principal "CN=Reggie" { permission net.jini.security.AccessPermission "getProxyVerifier"; permission net.jini.security.AccessPermission "notify"; permission net.jini.security.AccessPermission "unicastDiscovery"; }; grant principal javax.security.auth.x500.X500Principal "CN=reggie" { permission net.jini.security.AccessPermission "multicastRequest"; }; grant principal javax.security.auth.x500.X500Principal "CN=Mercury" { permission net.jini.security.AccessPermission "getProxyVerifier"; permission net.jini.security.AccessPermission "notify"; permission net.jini.security.AccessPermission "unicastDiscovery"; }; grant principal javax.security.auth.x500.X500Principal "CN=mercury" { permission net.jini.security.AccessPermission "multicastRequest"; }; grant principal javax.security.auth.x500.X500Principal "CN=Outrigger" { permission net.jini.security.AccessPermission "notify"; permission net.jini.security.AccessPermission "unicastDiscovery"; // for TesterTransactionManager's verifier permission net.jini.security.AccessPermission "getProxyVerifier"; }; grant principal javax.security.auth.x500.X500Principal "CN=outrigger" { permission net.jini.security.AccessPermission "multicastRequest"; }; grant principal javax.security.auth.x500.X500Principal "CN=Mahalo" { permission net.jini.security.AccessPermission "getProxyVerifier"; permission net.jini.security.AccessPermission "prepare"; permission net.jini.security.AccessPermission "commit"; permission net.jini.security.AccessPermission "prepareAndCommit"; permission net.jini.security.AccessPermission "abort"; permission net.jini.security.AccessPermission "unicastDiscovery"; }; grant principal javax.security.auth.x500.X500Principal "CN=mahalo" { permission net.jini.security.AccessPermission "multicastRequest"; }; // needed by TesterTransactionManager grant principal javax.security.auth.x500.X500Principal "CN=Outrigger" { permission net.jini.security.AccessPermission "join"; permission net.jini.security.AccessPermission "abort"; permission net.jini.security.AccessPermission "commit"; permission net.jini.security.AccessPermission "getState"; }; grant principal javax.security.auth.kerberos.KerberosPrincipal "${norm}" { permission net.jini.security.AccessPermission "notify"; permission net.jini.security.AccessPermission "renew"; permission net.jini.security.AccessPermission "renewAll"; permission net.jini.security.AccessPermission "cancel"; permission net.jini.security.AccessPermission "cancelAll"; permission net.jini.security.AccessPermission "getProxyVerifier"; }; grant principal javax.security.auth.kerberos.KerberosPrincipal "${fiddler}" { permission net.jini.security.AccessPermission "getProxyVerifier"; permission net.jini.security.AccessPermission "notify"; }; grant principal javax.security.auth.kerberos.KerberosPrincipal "${reggie}" { permission net.jini.security.AccessPermission "getProxyVerifier"; permission net.jini.security.AccessPermission "notify"; }; grant principal javax.security.auth.kerberos.KerberosPrincipal "${mercury}" { permission net.jini.security.AccessPermission "getProxyVerifier"; permission net.jini.security.AccessPermission "notify"; }; grant principal javax.security.auth.kerberos.KerberosPrincipal "${outrigger}" { permission net.jini.security.AccessPermission "notify"; // for TesterTransactionManager's verifier permission net.jini.security.AccessPermission "getProxyVerifier"; }; grant principal javax.security.auth.kerberos.KerberosPrincipal "${mahalo}" { permission net.jini.security.AccessPermission "prepare"; permission net.jini.security.AccessPermission "commit"; permission net.jini.security.AccessPermission "prepareAndCommit"; permission net.jini.security.AccessPermission "abort"; permission net.jini.security.AccessPermission "getProxyVerifier"; }; // needed by TesterTransactionManager grant principal javax.security.auth.kerberos.KerberosPrincipal "${outrigger}" { permission net.jini.security.AccessPermission "join"; permission net.jini.security.AccessPermission "abort"; permission net.jini.security.AccessPermission "commit"; permission net.jini.security.AccessPermission "getState"; }; grant { permission java.security.SecurityPermission "setProperty.org.apache.river.start.AggregatePolicyProvider.mainPolicyClass"; permission java.security.SecurityPermission "getProperty.org.apache.river.start.AggregatePolicyProvider.mainPolicyClass"; permission java.security.SecurityPermission "getProperty.net.jini.security.policy.DynamicPolicyProvider.basePolicyClass"; permission java.security.SecurityPermission "getProperty.net.jini.security.policy.PolicyFileProvider.basePolicyClass"; permission java.security.SecurityPermission "getProperty.org.apache.river.start.servicePolicyProvider"; permission java.lang.RuntimePermission "accessClassInPackage.sun.security.provider"; // special case for some jeri tests permission net.jini.export.ExportPermission "exportRemoteInterface.org.apache.river.qa.spec.jeri.abstractilfactory.AccessorTest$FakeRemoteInterface"; permission net.jini.export.ExportPermission "exportRemoteInterface.org.apache.river.qa.spec.jeri.abstractilfactory.AccessorTest$FakeRemoteSubInterface"; permission net.jini.export.ExportPermission "exportRemoteInterface.org.apache.river.qa.spec.jeri.basicilfactory.CreateInstancesTest$FakeRemoteInterface"; permission net.jini.export.ExportPermission "exportRemoteInterface.org.apache.river.qa.spec.jeri.basicilfactory.CreateInstancesTest$FakeRemoteSubInterface"; permission javax.security.auth.AuthPermission "createLoginContext.transport.KerberosClient"; permission javax.security.auth.AuthPermission "createLoginContext.transport.KerberosServer"; permission java.lang.RuntimePermission "getClassLoader"; permission java.lang.RuntimePermission "createClassLoader"; permission java.lang.RuntimePermission "setContextClassLoader"; permission java.lang.RuntimePermission "createSecurityManager"; permission java.lang.RuntimePermission "setSecurityManager"; permission java.lang.RuntimePermission "getProtectionDomain"; // removable if start in separate jar? permission java.lang.RuntimePermission "setIO"; permission java.lang.RuntimePermission "setFactory"; permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources"; permission javax.security.auth.AuthPermission "createLoginContext.org.apache.river.Test"; permission javax.security.auth.AuthPermission "doAs"; permission java.security.SecurityPermission "setPolicy"; permission java.security.SecurityPermission "getPolicy"; permission java.security.SecurityPermission "getDomainCombiner"; permission java.security.SecurityPermission "createAccessControlContext"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission javax.security.auth.AuthPermission "modifyPrincipals"; permission javax.security.auth.AuthPermission "doAsPrivileged"; permission java.net.NetPermission "specifyStreamHandler"; // needed by org.apache.river.qa.impl.outrigger.matching.MonitoredSpaceListener permission javax.security.auth.AuthPermission "createLoginContext.org.apache.river.Outrigger"; // needed by org.apache.river.qa.share.TesterTransactionManager permission javax.security.auth.AuthPermission "createLoginContext.org.apache.river.Mahalo"; // needed by the DiscoveryProtocolSimulator permission javax.security.auth.AuthPermission "createLoginContext.org.apache.river.Reggie"; // Allow reflection to examine service starter framework classes permission java.lang.RuntimePermission "accessDeclaredMembers"; // Allow logging control for setting the Formatter and Handler permission java.util.logging.LoggingPermission "control"; // Allow loading of Sun's RMI impl classes permission java.lang.RuntimePermission "accessClassInPackage.sun.rmi.server"; permission java.net.SocketPermission "*:80", "connect"; permission java.net.SocketPermission "*:1024-", "connect,accept"; permission java.net.SocketPermission "224.0.1.84", "connect,accept"; permission java.net.SocketPermission "224.0.1.85", "connect,accept"; // File read,write,delete permissions. // // Read permissions must be granted from the top-level root // directory because the various policy files (ex. policy.reggie, // policy.fiddler, etc.) and the various executable jar files // (ex. reggie.jar, fiddler.jar, etc.) must be read by the harness. // Since the test suite may be installed into any directory // (the 'installDir' item in qaHarness.prop), it is impossible to // know a priori the path to the policy and jar files. Therefore, // this policy file allows read permission for all files throughout // the whole disk. // // Since the test harness creates, accesses, and ultimately deletes // a number of temporary files in the current working directory, // read, write, and delete permissions must be granted for all // files in the current working directory. (Note that read permission // is already granted to all files in the current working directory // when read permission was granted for all files on the disk.) // // Because the services that are tested will persist their state // to directories under the system 'tmp' directory (/tmp on some // unixes, /var/tmp on other unixes; c:\temp on WinNT, c:\windows\temp // on Win95/98), read, write, and delete permissions must be // given for each of those directories. As with the current directory, // read permission is already granted for all files in the system // tmp directory when read permission was granted for all files on // the disk. // unix file system read,write,delete permissions permission java.io.FilePermission "/", "read"; permission java.io.FilePermission "/-", "read"; permission java.io.FilePermission "./-", "write,delete"; permission java.io.FilePermission "/tmp", "write,delete"; permission java.io.FilePermission "/tmp/-", "write,delete"; permission java.io.FilePermission "/var/tmp", "write,delete"; permission java.io.FilePermission "/var/tmp/-", "write,delete"; // dos (Windows) file system read,write,delete permissions permission java.io.FilePermission "c:\\", "read"; permission java.io.FilePermission "c:\\-", "read"; permission java.io.FilePermission "d:\\", "read"; permission java.io.FilePermission "d:\\-", "read"; permission java.io.FilePermission ".\\-", "write,delete"; permission java.io.FilePermission "c:\\temp", "write,delete"; permission java.io.FilePermission "c:\\temp\\-", "write,delete"; permission java.io.FilePermission "c:\\windows\\temp", "write,delete"; permission java.io.FilePermission "c:\\windows\\temp\\-", "write,delete"; permission java.io.FilePermission "d:\\temp", "write,delete"; permission java.io.FilePermission "d:\\temp\\-", "write,delete"; permission java.io.FilePermission "d:\\windows\\temp", "write,delete"; permission java.io.FilePermission "d:\\windows\\temp\\-", "write,delete"; // default temp directory permission java.io.FilePermission "${java.io.tmpdir}", "read,write,delete"; permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete"; // grant permission to execute <> permission java.io.FilePermission "<>", "execute"; // A number of tests (ex. ServiceDiscoveryManager tests) change // the current value of certain system properties during setup, and // then change those values back to their original value (which may // be no value at all) during tearDown. It is important to be able // to do this so that system properties set in one test don't affect // future tests. If a property set during setup originally did not // exist in the set of system properties, then at tearDown that // property must actually be removed; that is, merely invoking // System.setProperty() will not suffice. To remove a property // from the system properties, System.getProperties() must first // be called to retrieve the current set of system properties // with which the test was run, then the targetted properties must // be removed from the set, and finally System.setProperties() // must be called to replace the current set of properties with // the new set. In order to do this, both read and write permission // must be granted for all properties. Thus, if read and write // permission is granted for all properties, there is no need to // grant read or write permission for individual properties // associated with separate tests. permission java.util.PropertyPermission "*", "read,write"; // discovery-specific PropertyPermission needed by the harness permission net.jini.discovery.DiscoveryPermission "*"; }; // added to grant permissions to the jini dependencies jar files. Not sure which of these are required grant codebase "file:${org.apache.river.qa.home}${/}lib${/}qa1-jini-latest.jar" principal javax.security.auth.x500.X500Principal "CN=Tester" { // Allow dynamic grants permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.x500.X500Principal \\\"CN=Tester\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=Tester\"", "connect,accept"; // needed to allow the discovery protocol simulator to talk to the lookup simulator permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.x500.X500Principal \\\"CN=Reggie\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=Reggie\"", "connect,accept"; permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.kerberos.KerberosPrincipal \\\"${test}\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${test}\"", "connect,accept"; }; grant codebase "file:${org.apache.river.qa.home}${/}lib${/}qa1-jini-latest.jar" principal javax.security.auth.kerberos.KerberosPrincipal "${test}" { // Allow dynamic grants permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.kerberos.KerberosPrincipal \\\"${test}\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${test}\"", "connect,accept"; // needed to allow the discovery protocol simulator to talk to the lookup simulator permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.kerberos.KerberosPrincipal \\\"${reggie}\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${reggie}\"", "connect,accept"; permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.kerberos.KerberosPrincipal \\\"${test}\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${test}\"", "connect,accept"; }; grant codebase "file:${org.apache.river.qa.home}${/}lib${/}qa1-jini-latest.jar" principal javax.security.auth.x500.X500Principal "CN=Reggie" { permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=Reggie\"", "connect,accept"; permission java.security.SecurityPermission "getProperty.net.jini.security.policy.*"; permission net.jini.io.context.ContextPermission "net.jini.io.context.ClientSubject.getClientSubject"; }; grant codebase "file:${org.apache.river.qa.home}${/}lib${/}qa1-jini-latest.jar" principal javax.security.auth.kerberos.KerberosPrincipal "${reggie}" { permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${reggie}\"", "connect,accept"; permission java.security.SecurityPermission "getProperty.net.jini.security.policy.*"; }; grant codebase "file:${org.apache.river.qa.home}${/}lib${/}qa1-jini-latest.jar" principal javax.security.auth.x500.X500Principal "CN=Mahalo" { permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=Mahalo\"", "connect,accept"; }; grant codebase "file:${org.apache.river.qa.home}${/}lib${/}qa1-jini-latest.jar" principal javax.security.auth.kerberos.KerberosPrincipal "${mahalo}" { permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${mahalo}\"", "connect,accept"; }; // shouldn't be needed - packaging problem with the lookup simulator? grant codebase "file:${org.apache.river.qa.home}${/}lib${/}qa1-share-dl.jar" { // Allow dynamic grants permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.x500.X500Principal \\\"CN=Tester\\\"\", \"connect\""; permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.kerberos.KerberosPrincipal \\\"${test}\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=Tester\" javax.security.auth.kerberos.KerberosPrincipal \"${test}\"", "connect,accept"; permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=Reggie\" javax.security.auth.kerberos.KerberosPrincipal \"${reggie}\"", "connect"; }; grant codebase "file:${org.apache.river.qa.harness.testJar}" principal javax.security.auth.x500.X500Principal "CN=Tester" { // Allow dynamic grants permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.x500.X500Principal \\\"CN=Tester\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=Tester\"", "connect,accept"; // needed to allow the discovery protocol simulator to talk to the lookup simulator permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.x500.X500Principal \\\"CN=Reggie\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=Reggie\"", "connect,accept"; permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.kerberos.KerberosPrincipal \\\"${test}\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${test}\"", "connect,accept"; permission java.lang.RuntimePermission "enableContextClassLoaderOverride"; }; grant codebase "file:${org.apache.river.qa.harness.testJar}" principal javax.security.auth.kerberos.KerberosPrincipal "${test}" { // Allow dynamic grants permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.kerberos.KerberosPrincipal \\\"${test}\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${test}\"", "connect,accept"; // needed to allow the discovery protocol simulator to talk to the lookup simulator permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.kerberos.KerberosPrincipal \\\"${reggie}\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${reggie}\"", "connect,accept"; permission net.jini.security.GrantPermission "net.jini.security.AuthenticationPermission \"javax.security.auth.kerberos.KerberosPrincipal \\\"${test}\\\"\", \"connect\""; permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${test}\"", "connect,accept"; permission java.lang.RuntimePermission "enableContextClassLoaderOverride"; }; grant codebase "file:${org.apache.river.qa.harness.testJar}" principal javax.security.auth.x500.X500Principal "CN=Reggie" { permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=Reggie\"", "connect,accept"; permission java.security.SecurityPermission "getProperty.net.jini.security.policy.*"; permission net.jini.io.context.ContextPermission "net.jini.io.context.ClientSubject.getClientSubject"; }; grant codebase "file:${org.apache.river.qa.harness.testJar}" principal javax.security.auth.kerberos.KerberosPrincipal "${reggie}" { permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${reggie}\"", "connect,accept"; permission java.security.SecurityPermission "getProperty.net.jini.security.policy.*"; }; grant codebase "file:${org.apache.river.qa.harness.testJar}" principal javax.security.auth.x500.X500Principal "CN=Mahalo" { permission net.jini.security.AuthenticationPermission "javax.security.auth.x500.X500Principal \"CN=Mahalo\"", "connect,accept"; }; grant codebase "file:${org.apache.river.qa.harness.testJar}" principal javax.security.auth.kerberos.KerberosPrincipal "${mahalo}" { permission net.jini.security.AuthenticationPermission "javax.security.auth.kerberos.KerberosPrincipal \"${mahalo}\"", "connect,accept"; };