// // The contents of this file are subject to the terms // of the Common Development and Distribution License // (the "License"). You may not use this file except // in compliance with the License. // // You can obtain a copy of the license at // glassfish/bootstrap/legal/CDDLv1.0.txt or // https://glassfish.dev.java.net/public/CDDLv1.0.html. // See the License for the specific language governing // permissions and limitations under the License. // // When distributing Covered Code, include this CDDL // HEADER in each file and include the License file at // glassfish/bootstrap/legal/CDDLv1.0.txt. If applicable, // add the following below this CDDL HEADER, with the // fields enclosed by brackets "[]" replaced with your // own identifying information: Portions Copyright [yyyy] // [name of copyright owner] // /* Copyright 2004 Sun Microsystems, Inc. All rights reserved. */ /* SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */ grant { permission java.lang.RuntimePermission "accessClassInPackage.sun.io"; permission java.lang.RuntimePermission "getClassLoader"; permission java.lang.RuntimePermission "createClassLoader"; permission java.lang.RuntimePermission "accessDeclaredMembers"; permission com.waveset.repository.test.testConcurrentLocking "read"; permission java.net.SocketPermission "*", "connect,resolve"; permission java.io.FilePermission "*", "read"; permission java.util.PropertyPermission "*", "read,write"; }; grant codeBase "file:${waveset.home}/-" { permission java.util.PropertyPermission "waveset.home", "read,write"; permission java.util.PropertyPermission "security.provider", "read,write"; permission java.io.FilePermission "${waveset.home}${/} *", "read,write,execute"; permission java.io.FilePermission "${waveset.home}/help/index/-", "read,write,execute,delete"; permission java.io.FilePermission "$(java.io.tmpdir)$(/)*", "read,write,delete"; permission java.util.PropertyPermission "*", "read,write"; permission java.lang.RuntimePermission "accessClassInPackage.sun.io"; permission java.net.SocketPermission "*", "connect,resolve"; }; // Adding to make openSSO resource adapter in IDM working fine. grant { permission java.lang.RuntimePermission "shutdownHooks"; permission java.io.FilePermission "${waveset.home}/WEB-INF/spe/config/spe.tld", "read"; }; // Core server classes get all permissions by default grant codeBase "file:${com.sun.aas.installRoot}/lib/-" { permission java.security.AllPermission; }; // Core server classes get all permissions by default grant codeBase "file:${com.sun.aas.installRoot}/modules/-" { permission java.security.AllPermission; }; // Felix classes get all permissions by default grant codeBase "file:${com.sun.aas.installRoot}/osgi/felix/bin/-" { permission java.security.AllPermission; }; // jdmk classes get all permissions by default grant codeBase "file:${com.sun.aas.jdmkHome}/lib/-" { permission java.security.AllPermission; }; // mfwk_instrum_tk.jar get all permissions by default grant codeBase "file:${com.sun.aas.mfwkHome}/lib/mfwk_instrum_tk.jar" { permission java.security.AllPermission; }; // lockhart classes get all permissions by default grant codeBase "file:${com.sun.aas.webconsoleLib}/cc.jar" { permission java.security.AllPermission; }; // jato classes get all permissions by default grant codeBase "file:${com.sun.aas.jatoRoot}/jato.jar" { permission java.security.AllPermission; }; // JBI get all permissions by default grant codeBase "file:${com.sun.aas.installRoot}/jbi/-" { permission java.security.AllPermission; }; // JBI instances get all permissions by default grant codeBase "file:${com.sun.aas.instanceRoot}/jbi/-" { permission java.security.AllPermission; }; // Composite applications get all permissions by default grant codeBase "file:${com.sun.aas.instanceRoot}/applications/composite-applications/-" { permission java.security.AllPermission; }; // iMQ classes get all permissions by default grant codeBase "file:${com.sun.aas.imqLib}/-" { permission java.security.AllPermission; }; // ANT classes get all permissions by default grant codeBase "file:${com.sun.aas.antLib}/-" { permission java.security.AllPermission; }; // Derby driver classes get all permissions by default grant codeBase "file:${com.sun.aas.derbyRoot}/lib/-" { permission java.security.AllPermission; }; // Pointbase embedded server classes get all permissions by default grant codeBase "file:${com.sun.aas.pointbaseRoot}/lib/-" { permission java.security.AllPermission; }; // Web Services classes get all permissions by default grant codeBase "file:${com.sun.aas.webServicesLib}/-" { permission java.security.AllPermission; }; // permissions for avkit classes grant codeBase "file:${j2ee.appverification.home}/lib/-" { permission java.security.AllPermission; }; // permissions for HADB jar file(s) grant codeBase "file:${com.sun.aas.hadbRoot}/lib/-" { permission java.security.AllPermission; }; // permission for JDK's tools.jar to enable webservice annotation processing // at runtime by wsgen tool: // permission java.lang.RuntimePermission "createClassLoader"; // // permission for JDK's tools.jar to sign JARs at runtime for // Java Web Start support: // permissions java.security.AllPermission; // on the advice of the JDK tools folks. Should be refined later. grant codeBase "file:${com.sun.aas.javaRoot}/lib/tools.jar" { permission java.security.AllPermission; }; //Loading MBeans from anywhere, to take care of side effects of 6235678. grant { permission javax.management.MBeanTrustPermission "register" ; }; //Loading MBeans from anywhere, to take care of side effects of 6235678. // Basic set of required permissions granted to all remaining code grant { //Workaround for bugs #6484935, 6513799 permission java.lang.RuntimePermission "getProtectionDomain"; permission com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission "access"; permission java.util.PropertyPermission "*", "read,write"; permission java.lang.RuntimePermission "loadLibrary.*"; permission java.lang.RuntimePermission "queuePrintJob"; permission java.net.SocketPermission "*", "connect"; permission java.io.FilePermission "<>", "read,write"; // work-around for pointbase bug 4864405 permission java.io.FilePermission "${com.sun.aas.instanceRoot}${/}lib${/}databases${/}-", "delete"; permission java.io.FilePermission "${java.io.tmpdir}${/}-", "delete"; permission java.util.PropertyPermission "*", "read"; permission java.lang.RuntimePermission "modifyThreadGroup"; permission java.lang.RuntimePermission "getClassLoader"; permission java.lang.RuntimePermission "setContextClassLoader"; permission javax.management.MBeanPermission "[com.sun.messaging.jms.*:*]", "*"; }; // Following grant block is only required by Connectors. If Connectors // are not in use the recommendation is to remove this grant. grant { permission javax.security.auth.PrivateCredentialPermission "javax.resource.spi.security.PasswordCredential * \"*\"","read"; }; // Following grant block is only required for Reflection. If Reflection // is not in use the recommendation is to remove this section. grant { permission java.lang.RuntimePermission "accessDeclaredMembers"; }; // Permissions to invoke CORBA objects in server grant { permission com.sun.enterprise.security.CORBAObjectPermission "*", "*"; }; //JRuby security permissions grant codeBase "file:${com.sun.aas.installRoot}/jruby/lib/-"{ permission java.io.FilePermission "<>", "read"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.util.PropertyPermission "jruby.*", "read"; permission java.lang.RuntimePermission "accessClassInPackage.*"; permission java.lang.RuntimePermission "createClassLoader"; permission java.lang.RuntimePermission "defineClassInPackage.*"; permission java.lang.RuntimePermission "getClassLoader"; permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "getenv.*"; }; grant codeBase "file:/opt/j2ee_agents/appserver_v9_agent/lib/*" { permission java.security.AllPermission; };