Thanks :)
On Sun, Jul 6, 2014 at 4:54 PM, Greg Trasuk <[email protected]> wrote: > > Basically, you want to grant as few permissions as you can - unfortunately > that sometimes means trying things out, adding permissions until they work. > > As a starting point, the application class loader needs something like > this (taken from river-container ( > https://github.com/trasukg/river-container)): > > //java.security.AllPermission; > //java.io.FilePermission "${serviceArchive}" "read"; > java.io.FilePermission "-" "read"; > java.net.SocketPermission "*" "connect,listen,accept,resolve"; > > /* net.jini.security.Security requires createSecurityManager, but we > don't grant 'setSecurityManager'. */ > java.lang.RuntimePermission "createSecurityManager"; > java.lang.RuntimePermission "getProtectionDomain"; > java.lang.RuntimePermission "setFactory"; > java.lang.RuntimePermission "modifyThread"; > java.lang.RuntimePermission "modifyThreadGroup"; > java.security.SecurityPermission "getDomainCombiner"; > java.security.SecurityPermission "createAccessControlContext"; > java.security.SecurityPermission "getPolicy"; > > // BasicProxyPreparer requirements: > javax.security.auth.AuthPermission "getSubject"; > > net.jini.security.policy.UmbrellaGrantPermission; > com.sun.jini.thread.ThreadPoolPermission "getSystemThreadPool"; > com.sun.jini.thread.ThreadPoolPermission "getUserThreadPool"; > com.sun.jini.discovery.internal.EndpointInternalsPermission "set"; > com.sun.jini.discovery.internal.EndpointInternalsPermission "get"; > java.lang.reflect.ReflectPermission "suppressAccessChecks"; > net.jini.export.ExportPermission "exportRemoteInterface.*"; > net.jini.discovery.DiscoveryPermission "*"; > java.lang.RuntimePermission "shutdownHooks"; > java.util.PropertyPermission "*" "read"; > > java.lang.RuntimePermission "accessClassInPackage.com.sun.proxy"; > > // Only in client configuration - apps can call System.exit() > java.lang.RuntimePermission "exitVM.*”; > > Cheers, > > Greg Trasuk. > > On Jul 6, 2014, at 12:26 AM, Gus Heck <[email protected]> wrote: > > > The getting started page says: " In the interest of simplicity, we are > > going to grant everything every permission. In the real world, this would > > obviously not be recommended." > > > > Ok fine, but where do I find the documentation of what is needed for what > > when I DO eventually want to live in the real world :) > > > > -Gus > > > > -- > > http://www.the111shift.com > > -- http://www.the111shift.com
