Ron Monzillo wrote:
> Ashish Sahni wrote:
>> Bill Shannon wrote:
>>
>>> Clearly some security permission is required to add a security
>>> provider.
>>> What are all the security permissions JRuby requires to run correctly?
>>
>> Following are the extra(over the default provided) security
>> permissions as of b41-rc
>> required by a Ruby on Rails app to run in GlassFish
>>
>> permission java.lang.RuntimePermission "createClassLoader";
>> permission java.security.SecurityPermission "putProviderProperty.BC";
>> permission java.lang.RuntimePermission "getenv.*";
>> permission java.security.SecurityPermission "insertProvider.BC";
>> permission java.lang.reflect.ReflectPermission
>> "suppressAccessChecks";
>>
>>> Are we configuring all those security permissions in case someone
>>> enables
>>> the security manager?
>>
>> No. And I would not expect GlassFish to, since these should be
>> configured on a per application basis.
>
> Is it possible to limit the codebase that needs these permissions to
> some jruby code that gets used by the application, or must the whole
> application have these permissions?
It is possible to limit the permissions to a set of jruby libs. However,
as of now there is a mode wherein the jruby libs would be a part of
the WAR (as opposed to being present at a static location)
-Ashish