0 Replies Latest reply on Oct 2, 2008 11:38 AM by Scott Stark

    JBNAME-8, updates to security in naming server

    Scott Stark Master


      I have added security permission checks when running under a security manager to the jnpserver project for the 5.0.0.CR3 release. The following RuntimePermissions are required for sensitive NamingContext operations:

      NamingContext.getHANamingServerForPartition requires RuntimePermission("org.jboss.naming.NamingContext.getHANamingServerForPartition");
      NamingContext.setHANamingServerForPartition/removeHANamingServerForPartition requires RuntimePermission("org.jboss.naming.NamingContext.setHANamingServerForPartition");
      NamingContext.getLocal requires RuntimePermission("org.jboss.naming.NamingContext.getLocal");
      NamingContext.setLocal requires RuntimePermission("org.jboss.naming.NamingContext.setLocal");

      The NamingServer has a new JndiPermission(String path, String actions) permission that is adopted from the OpenJDK java.io.FilePermission. It uses only the unix '/' path separator, and has the following actions:
      bind - Context.bind permission
      rebind - Context.rebind permission
      unbind - Context.unbind permission.
      lookup - Context.lookup permission.
      list - Context.list permission.
      listBindings - Context.listBindings permission.
      createSubcontext - Context.createSubcontext permission
      * - alias for all of the above actions

      It also has a special path name <<ALL BINDINGS>> that matches any jndi path, similar to the FilePermission <<ALL FILES>> path.