In tools.jar there's a security manager or policy provider that can be
used to print out all the permissions your code needs.
Regards,
Peter.
Thanks :)
On Sun, Jul 6, 2014 at 4:54 PM, Greg Trasuk<[email protected]> wrote:
>
> Basically, you want to grant as few permissions as you can - unfortunatel=
y
> that sometimes means trying things out, adding permissions until they wor=
k.
>
> As a starting point, the application class loader needs something like
> this (taken from river-container (
> https://github.com/trasukg/river-container)):
>
> //java.security.AllPermission;
> //java.io.FilePermission "${serviceArchive}" "read";
> java.io.FilePermission "-" "read";
> java.net.SocketPermission "*" "connect,listen,accept,resolve";
>
> /* net.jini.security.Security requires createSecurityManager, but we
> don't grant 'setSecurityManager'. */
> java.lang.RuntimePermission "createSecurityManager";
> java.lang.RuntimePermission "getProtectionDomain";
> java.lang.RuntimePermission "setFactory";
> java.lang.RuntimePermission "modifyThread";
> java.lang.RuntimePermission "modifyThreadGroup";
> java.security.SecurityPermission "getDomainCombiner";
> java.security.SecurityPermission "createAccessControlContext";
> java.security.SecurityPermission "getPolicy";
>
> // BasicProxyPreparer requirements:
> javax.security.auth.AuthPermission "getSubject";
>
> net.jini.security.policy.UmbrellaGrantPermission;
> com.sun.jini.thread.ThreadPoolPermission "getSystemThreadPool";
> com.sun.jini.thread.ThreadPoolPermission "getUserThreadPool";
> com.sun.jini.discovery.internal.EndpointInternalsPermission "set";
> com.sun.jini.discovery.internal.EndpointInternalsPermission "get";
> java.lang.reflect.ReflectPermission "suppressAccessChecks";
> net.jini.export.ExportPermission "exportRemoteInterface.*";
> net.jini.discovery.DiscoveryPermission "*";
> java.lang.RuntimePermission "shutdownHooks";
> java.util.PropertyPermission "*" "read";
>
> java.lang.RuntimePermission "accessClassInPackage.com.sun.proxy";
>
> // Only in client configuration - apps can call System.exit()
> java.lang.RuntimePermission "exitVM.*=E2=80=9D;
>
> Cheers,
>
> Greg Trasuk.
>
> On Jul 6, 2014, at 12:26 AM, Gus Heck<[email protected]> wrote:
>
> > The getting started page says: " In the interest of simplicity, we are
> > going to grant everything every permission. In the real world, this wou=
ld
> > obviously not be recommended."
> >
> > Ok fine, but where do I find the documentation of what is needed for wh=
at
> > when I DO eventually want to live in the real world :)
> >
> > -Gus
> >
> > --
> > http://www.the111shift.com
>
>
