0 Replies Latest reply on Apr 24, 2003 1:54 PM by brucec

    JBoss/Tomcat required Permissions

    brucec Newbie

      The documentation says the default configuration file (server.policy) has everything enabled and "What is a reasonable set of permissions is entirely up to you."

      Does anyone know of a server.policy example that contains everything necessary for JBoss/Tomcat to run correctly. I've created my own server.policy file by adding in Permissions that show up as missing when I run JBoss in a secure mode, but something is still missing because 5 packages don't get deployed by org.jboss.web.catalina.EmbeddedCatalinaService.

      My current server.policy file looks like this:
      grant {
      permission java.util.PropertyPermission "*", "read,write";
      permission java.lang.RuntimePermission "*", "getProtectionDomain";
      permission java.io.FilePermission "/tools/-", "read,write,execute";
      permission java.io.FilePermission "/jboss-3.0.4_tomcat-4.1.12/server/default/-", "delete";
      permission javax.security.auth.AuthPermission "*", "createLoginContext.jbossmq";
      permission java.net.SocketPermission "*", "accept,resolve";
      permission org.apache.naming.JndiPermission "*";
      grant Principal org.jboss.security.SimplePrincipal "Administrator" {
      // Allow everything for now
      permission java.security.AllPermission;
      grant Principal org.jboss.security.SimplePrincipal "Operator" {
      permission com.transdyn.dynac.security.AccessPermission;