From b1c8641a63a67e3c64d948f9e8dce5c01e11e2dd Mon Sep 17 00:00:00 2001 From: mcentner Date: Wed, 5 May 2010 15:29:01 +0000 Subject: Merged feature branch mocca-1.2.13-id@r724 back to trunk. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@725 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- BKUOnline/src/main/policy/catalina.policy | 411 ++++++++++++++++++++++++++++++ 1 file changed, 411 insertions(+) create mode 100644 BKUOnline/src/main/policy/catalina.policy (limited to 'BKUOnline/src/main/policy/catalina.policy') diff --git a/BKUOnline/src/main/policy/catalina.policy b/BKUOnline/src/main/policy/catalina.policy new file mode 100644 index 00000000..2dfb198f --- /dev/null +++ b/BKUOnline/src/main/policy/catalina.policy @@ -0,0 +1,411 @@ +// Copyright 2008 Federal Chancellery Austria and +// Graz University of Technology +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// +// ========================================================================= +// || IMPORTANT: REVIEW AND ADAPT TO YOUR NEEDS PRIOR TO INSTALLATION +// ========================================================================= +// +// ========================================================================= +// || This file contains all default permissions from $CATALINA_HOME/conf/catalina.policy +// || and codebase paths to development dirs (for in-place deployment of IDEs) +// ========================================================================= +// +// (set -Djava.security.debug=access,failure and search for "denied" (failed)) +// (-Djava.net.preferIPv4Stack=true) +// +// ========== MOCCA CODE PERMISSIONS ======================================= +// +// replace ${catalina.base}/webapps/bkuonline +// with ${catalina.base}/webapps/ +// replace ${catalina.base}/work/Catalina/localhost/bkuonline +// with ${catalina.base}/work/Catalina/localhost/ (the path to the compiled JSPs, excl. package dir: org/apache/jsp/) +// replace version info in +// ${catalina.base}/webapps/bkuonline/WEB-INF/lib/BKUViewer-1.2.12.jar" { +// ${catalina.base}/webapps/bkuonline/WEB-INF/lib/utils-1.2.12.jar and +// ${catalina.base}/webapps/bkuonline/WEB-INF/lib/bkucommon-1.2.12.jar +// with current version +// replace www.sozialversicherung.gv.at:443 +// with +// replace localhost:8080 +// with +// replace www.xslt-stylesheet-include-url.org:80 +// with +// replace ../conf/secret.xml +// with +// +// replace www.a-trust.at and ksp.ecard.sozialversicherung.gv.at +// with +// replace ldap.a-trust.at:389, ocsp.a-trust.at:80 and ocsp.ecard.sozialversicherung.at:80 +// with (OCSP, CRLs) +// + +// ========== SYSTEM CODE PERMISSIONS ========================================= + + +// These permissions apply to javac +grant codeBase "file:${java.home}/lib/-" { + permission java.security.AllPermission; +}; + +// These permissions apply to all shared system extensions +grant codeBase "file:${java.home}/jre/lib/ext/-" { + permission java.security.AllPermission; +}; + +// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre +grant codeBase "file:${java.home}/../lib/-" { + permission java.security.AllPermission; +}; + +// These permissions apply to all shared system extensions when +// ${java.home} points at $JAVA_HOME/jre +grant codeBase "file:${java.home}/lib/ext/-" { + permission java.security.AllPermission; +}; + + +// ========== CATALINA CODE PERMISSIONS ======================================= + + +// These permissions apply to the daemon code +grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" { + permission java.security.AllPermission; +}; + +// These permissions apply to the logging API +grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { + permission java.util.PropertyPermission "java.util.logging.config.class", "read"; + permission java.util.PropertyPermission "java.util.logging.config.file", "read"; + permission java.io.FilePermission "${java.home}${file.separator}lib${file.separator}logging.properties", "read"; + permission java.lang.RuntimePermission "shutdownHooks"; + permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read"; + permission java.util.PropertyPermission "catalina.base", "read"; + permission java.util.logging.LoggingPermission "control"; + permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write"; + permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write"; + permission java.lang.RuntimePermission "getClassLoader"; + + // added by clemenso (for manager webapp) + permission java.lang.RuntimePermission "setContextClassLoader"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources"; + + // To enable per context logging configuration, permit read access to the appropriate file. + // Be sure that the logging configuration is secure before enabling such access + // eg for the examples web application: + // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read"; +}; + +// These permissions apply to the server startup code +grant codeBase "file:${catalina.home}/bin/bootstrap.jar" { + permission java.security.AllPermission; +}; + +// These permissions apply to the servlet API classes +// and those that are shared across all class loaders +// located in the "lib" directory +grant codeBase "file:${catalina.home}/lib/-" { + permission java.security.AllPermission; +}; + + +// ========== WEB APPLICATION PERMISSIONS ===================================== + + +// These permissions are granted by default to all web applications +// In addition, a web application will be given a read FilePermission +// and JndiPermission for all files and directories in its document root. +grant { + // Required for JNDI lookup of named JDBC DataSource's and + // javamail named MimePart DataSource used to send mail + permission java.util.PropertyPermission "java.home", "read"; + permission java.util.PropertyPermission "java.naming.*", "read"; + permission java.util.PropertyPermission "javax.sql.*", "read"; + + // OS Specific properties to allow read access + permission java.util.PropertyPermission "os.name", "read"; + permission java.util.PropertyPermission "os.version", "read"; + permission java.util.PropertyPermission "os.arch", "read"; + permission java.util.PropertyPermission "file.separator", "read"; + permission java.util.PropertyPermission "path.separator", "read"; + permission java.util.PropertyPermission "line.separator", "read"; + + // JVM properties to allow read access + permission java.util.PropertyPermission "java.version", "read"; + permission java.util.PropertyPermission "java.vendor", "read"; + permission java.util.PropertyPermission "java.vendor.url", "read"; + permission java.util.PropertyPermission "java.class.version", "read"; + permission java.util.PropertyPermission "java.specification.version", "read"; + permission java.util.PropertyPermission "java.specification.vendor", "read"; + permission java.util.PropertyPermission "java.specification.name", "read"; + + permission java.util.PropertyPermission "java.vm.specification.version", "read"; + permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; + permission java.util.PropertyPermission "java.vm.specification.name", "read"; + permission java.util.PropertyPermission "java.vm.version", "read"; + permission java.util.PropertyPermission "java.vm.vendor", "read"; + permission java.util.PropertyPermission "java.vm.name", "read"; + + // Required for OpenJMX + permission java.lang.RuntimePermission "getAttribute"; + + // Allow read of JAXP compliant XML parser debug + permission java.util.PropertyPermission "jaxp.debug", "read"; + + // Precompiled JSPs need access to this package. + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime"; + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*"; + + // Precompiled JSPs need access to this system property. + permission java.util.PropertyPermission "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read"; + +}; + + + + + + + + +// =========== container grants required by MOCCA +// +grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources"; + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/logging.properties", "read"; + // (for manager webapp) + permission java.lang.RuntimePermission "setContextClassLoader"; +}; + +grant codeBase "file:${catalina.base}/work/Catalina/localhost/bkuonline" { + permission java.io.FilePermission "/helpfiles/-", "read"; + permission java.lang.RuntimePermission "defineClassInPackage.org.apache.jasper.runtime"; +}; + +// =========== MOCCA grants +// +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/-" { + permission java.io.FilePermission "${catalina.base}/logs", "read, write"; + permission java.io.FilePermission "${catalina.base}/logs/*", "read, write"; + permission java.io.FilePermission "${catalina.base}/logs/*", "delete"; + + // DataURLs + permission java.net.SocketPermission "apps.egiz.gv.at:443", "connect, resolve"; + permission java.net.SocketPermission "www.buergerkarte.at:443", "connect, resolve"; + permission java.net.SocketPermission "www.sozialversicherung.gv.at:443", "connect, resolve"; + + // other resources (crls, persb.xsl, ...) + permission java.net.SocketPermission "www.a-trust.at:80", "connect, resolve"; + permission java.net.SocketPermission "ksp.ecard.sozialversicherung.gv.at:80", "connect,resolve"; + permission java.net.SocketPermission "ldap.a-trust.at:389", "connect, resolve"; + permission java.net.SocketPermission "ocsp.a-trust.at:80", "connect, resolve"; + permission java.net.SocketPermission "ocsp.ecard.sozialversicherung.at:80", "connect, resolve"; +// permission java.net.SocketPermission "localhost:8080", "connect, resolve"; +// permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve"; + + permission java.security.SecurityPermission "insertProvider.IAIK"; + permission java.security.SecurityPermission "putProviderProperty.IAIK"; + permission java.security.SecurityPermission "removeProvider.IAIK"; + permission java.security.SecurityPermission "insertProvider.IAIK_ECC"; + permission java.security.SecurityPermission "putProviderProperty.IAIK_ECC"; + permission java.security.SecurityPermission "insertProvider.XSECT"; + permission java.security.SecurityPermission "putProviderProperty.XSECT"; + permission java.security.SecurityPermission "insertProvider.STAL"; + permission java.security.SecurityPermission "putProviderProperty.STAL"; + // XMLDSig is moved backwards by XSECT + permission java.security.SecurityPermission "insertProvider.XMLDSig"; + permission java.security.SecurityPermission "removeProvider.XMLDSig"; + + permission java.util.PropertyPermission "*", "read"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.RuntimePermission "getClassLoader"; + permission java.lang.RuntimePermission "getProtectionDomain"; + //bkucommon,pki + permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.protocol.ldap"; + //jax-ws jaxb + permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources"; + //permission java.lang.RuntimePermission "modifyThread"; + //permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; + permission java.net.NetPermission "specifyStreamHandler"; + + //jaxb + //permission java.io.FilePermission "/WEB-INF/classes/-", "read"; + +}; + +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/-" { +// permission java.util.PropertyPermission "com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace", "write"; +// permission java.util.PropertyPermission "com.sun.xml.ws.transport.http.HttpAdapter.dump", "write"; + + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write"; + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write"; + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete"; + + permission java.lang.RuntimePermission "defineClassInPackage.java.lang"; + permission java.util.PropertyPermission "*", "read, write"; + permission java.lang.RuntimePermission "modifyThread"; + permission java.lang.RuntimePermission "setFactory"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; +}; + +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/utils-1.2.12-pinguin-1-SNAPSHOT.jar" { +// permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; +}; + +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/bkucommon-1.2.12-pinguin-1-SNAPSHOT.jar" { + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write"; + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write"; + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete"; + permission java.io.FilePermission "${catalina.base}/temp/*", "read, write"; +// permission java.io.FilePermission "../conf/secret.xml", "read"; + permission java.util.PropertyPermission "*", "read, write"; + permission java.lang.RuntimePermission "modifyThread"; + permission java.lang.RuntimePermission "setFactory"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; +}; + +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/iaik_jce_full_signed-3.16.jar" { + permission java.util.PropertyPermission "*", "read, write"; +}; + +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/iaik_xsect-1.14.jar" { + permission java.util.PropertyPermission "*", "read, write"; +}; + +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/iaik_pki-1.0-MOCCA.jar" { + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write"; + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write"; + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete"; + //permission java.net.NetPermission "specifyStreamHandler"; + //permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.protocol.ldap"; +}; + +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/xalan-2.7.1.jar" { + permission java.io.FilePermission "${java.home}/lib/xalan.properties", "read"; + //permission java.lang.RuntimePermission "getClassLoader"; +}; + +// allow xsl:include from the specified URL +//grant codeBase "jar:file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/processor/-" { +// permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve"; +//}; + +// allow XSLT document function to reference the specified URL +//grant codeBase "jar:file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/xsltc/dom/LoadDocument.class" { +// permission java.io.FilePermission "../conf/secret.xml", "read"; +//}; + +// use tomcat/jre endorsed xerces instead +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/xercesImpl-2.9.1.jar" { + permission java.io.FilePermission "${java.home}/lib/xerces.properties", "read"; +// permission java.io.FilePermission "../conf/secret.xml", "read"; +// permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve"; + permission java.io.FilePermission "/WEB-INF/classes/-", "read"; + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina"; + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.*"; + //permission java.lang.RuntimePermission "accessDeclaredMembers"; +}; + +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/commons-logging-1.1.1.jar" { + permission java.lang.RuntimePermission "defineClassInPackage.java.lang"; +}; + +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/log4j-1.2.12.jar" { + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/log4j.properties", "read"; + permission java.lang.RuntimePermission "defineClassInPackage.java.lang"; +}; + +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/spring-core-2.5.5.jar" { + //permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.RuntimePermission "modifyThread"; +}; + +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/spring-web-2.5.5.jar" { + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write"; + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write"; + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete"; + permission java.util.PropertyPermission "*", "read, write"; + //permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.RuntimePermission "modifyThread"; + permission java.lang.RuntimePermission "setFactory"; + //permission java.lang.RuntimePermission "getProtectionDomain"; + permission java.lang.RuntimePermission "defineClassInPackage.java.lang"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; +}; + +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/spring-beans-2.5.5.jar" { + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write"; + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write"; + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete"; + permission java.util.PropertyPermission "*", "read, write"; + //permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.RuntimePermission "setFactory"; + permission java.lang.RuntimePermission "getProtectionDomain"; + permission java.lang.RuntimePermission "defineClassInPackage.java.lang"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; +}; +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/spring-context-2.5.5.jar" { + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write"; + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write"; + permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete"; + permission java.util.PropertyPermission "*", "read, write"; + //permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.RuntimePermission "modifyThread"; + permission java.lang.RuntimePermission "setFactory"; + permission java.lang.RuntimePermission "getProtectionDomain"; + permission java.lang.RuntimePermission "defineClassInPackage.java.lang"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; +}; + +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/jaxws-rt-2.1.5.jar" { + // need write access to set disableCaptureStackTrace and HttpAdapter.dump + permission java.util.PropertyPermission "com.sun.xml.ws.*", "read, write"; + //permission java.util.PropertyPermission "com.sun.xml.bind.*", "read"; + //permission java.util.PropertyPermission "javax.xml.soap.*", "read"; + //permission java.util.PropertyPermission "javax.activation.*", "read"; + //permission java.util.PropertyPermission "xml.catalog.*", "read"; + //permission java.util.PropertyPermission "user.dir", "read"; + //permission java.util.PropertyPermission "user.home", "read"; + permission java.io.FilePermission "${java.home}/lib/jaxm.properties", "read"; + permission java.io.FilePermission "${java.home}/lib/mailcap", "read"; + permission java.io.FilePermission "${user.home}/.mailcap", "read"; + permission java.io.FilePermission "basename", "read"; + permission java.io.FilePermission "${catalina.home}/bin/xcatalog", "read"; + permission java.io.FilePermission "${catalina.home}/temp/xcatalog", "read"; + permission java.io.FilePermission "/WEB-INF/classes/-", "read"; + //permission java.lang.RuntimePermission "accessDeclaredMembers"; + //permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources"; + permission java.lang.RuntimePermission "setContextClassLoader"; + permission javax.management.MBeanServerPermission "createMBeanServer"; + permission javax.management.MBeanPermission "com.sun.xml.ws.*", "registerMBean"; + permission javax.management.MBeanTrustPermission "register"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; +}; + +grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.2.12-pinguin-1-SNAPSHOT/WEB-INF/lib/jaxb-impl-2.1.9.jar" { + //permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; +// permission java.lang.RuntimePermission "accessDeclaredMembers"; +// permission java.util.PropertyPermission "com.sun.xml.bind.v2.*", "read"; +// permission java.util.PropertyPermission "user.dir", "read"; + permission java.io.FilePermission "/WEB-INF/classes/-", "read"; +}; + +// ======== NETBEANS + +grant codeBase "file:${catalina.base}/nblib/-" { + permission java.security.AllPermission; +}; \ No newline at end of file -- cgit v1.2.3