Hi Scott,
I've got a patch that stores the original deployment
url in the UnifiedClassLoader.
If it's a subpackage it stores the topmost parent
from DeploymentInfo.
Then in UnifiedClassLoader it does
protected PermissionsCollection getPermissions(CodeSource cs)
{
CodeSource origCS = new CodeSource(origURL, cs.getCertificates());
super.getPermissions(origCS);
}
I'm not sure about the performance impact of this code,
especially on java 1.4
I'm don't know whether the certificates part works?
I haven't tested it with current CVS.
It didn't work with the Jetty MBeans. They didn't get
a UnifiedClassLoader, but that is easy to fix.
One annoying feature of the new single deploy/
directory will be you can't do
grant codeBase "file:/$(jboss.home}/bin/*" {
permission java.security.AllPermission;
}
grant codeBase "file:/$(jboss.home}/lib/*" {
permission java.security.AllPermission;
}
grant codeBase "file:/$(jboss.home}/lib/ext/*" {
permission java.security.AllPermission;
}
grant codeBase "file:/$(jboss.home}/deploy/lib/*" {
permission java.security.AllPermission;
}
grant {
permission java.util.PropertyPermission "*", "read";
permission java.lang.RuntimePermission "queuePrintJob";
permission java.net.SocketPermission "*", "connect";
}
To get the specs recommendation.
You have to list every sar in deploy/
Regards,
Adrian
> The only simple solution I can see to the local
> tmp/deploy
> copy name problem as it relates to being able to
> specify
> Java2 codebase permissions is to replicate the
> original
> url path under the tmp/deploy directory. So:
>
> path1/lib =>
> ${jboss.home}/tmp/deploy/path1/lib
> path1/lib/ext =>
> ${jboss.home}/tmp/deploy/path1/lib/ext
> path2/deploy =>
> ${jboss.home}/tmp/deploy/path2/deploy
> path3/deploy =>
> ${jboss.home}/tmp/deploy/path3/deploy
> httpPath1/lib/a.jar =>
> ${jboss.home}/tmp/deploy/http/host/path1/lib
> httpPath1/lib/ext/b.jar =>
> ${jboss.home}/tmp/deploy/http/host/path1/lib/ext
>
> Which allows for a simple transformation from the
> original permission
> specification to the reployment location:
>
> grant codeBase "file:/path1/lib/ext/*" {
> permission java.lang.RuntimePermission
> on "setPrincipalInfo";
> };
>
> becomes:
>
> grant codeBase
> "file:/${jboss.home}/tmp/deploy/path1/lib/ext/*" {
> permission java.lang.RuntimePermission
> on "setPrincipalInfo";
> };
>
> grant codeBase "http://installhost/path1/lib/ext/*"; {
> permission java.lang.RuntimePermission
> on "setPrincipalInfo";
> };
>
> becomes:
>
> grant codeBase
> "file:/${jboss.home}/tmp/deploy/http/installhost/path1
> lib/ext/*" {
> permission java.lang.RuntimePermission
> on "setPrincipalInfo";
> };
>
> since the PolicyFile implementation does allow
> property references.
> You won't be able to assign permissions to individual
> jars or
> subcomponents of ears, wars, sars, etc., but I think
> we can live
> with that. Any better ideas?
>
> xxxxxxxxxxxxxxxxxxxxxxxx
> Scott Stark
> Chief Technology Officer
> JBoss Group, LLC
> xxxxxxxxxxxxxxxxxxxxxxxx
>
>
> _______________________________________________
> Jboss-development mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/jboss-dev
> lopment
_________________________________________________________
View thread online: http://main.jboss.org/thread.jsp?forum=66&thread=9441
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
