Security Policy runtime permissions
This topic has not yet been written. The content below is from the topic description.
Important Carefully consider what permissions you grant. Be particularly cautious about granting java.security.AllPermission : you can potentially allow changes to the system binary, including the JVM runtime environment. For a general treatment of security policy files and Java permissions refer to the official Java documentation at http://download-llnw.oracle.com/javase/6/docs/technotes/guides/security/PolicyFiles.html . JBoss-specific java.lang.RuntimePermissions are described below. JBoss-specific Runtime Permissions org.jboss.security.SecurityAssociation.getPrincipalInfo Provides access to the org.jboss.security.SecurityAssociation getPrincipal() and getCredential() methods. The risk involved with using this runtime permission is the ability to see the current thread caller and credentials. org.jboss.security.SecurityAssociation.getSubject Provides access to the org.jboss.security.SecurityAssociation getSubject() method. org.jboss.security.SecurityAssociation.setPrincipalInfo Provides access to the org.jboss.security.SecurityAssociation setPrincipal() , setCredential() , setSubject() , pushSubjectContext() , and popSubjectContext() methods. The risk involved with using this runtime permission is the ability to set the current thread caller and credentials. org.jboss.security.SecurityAssociation.setServer Provides access to the org.jboss.security.SecurityAssociation setServer method. The risk involved with using this runtime permission is the ability to enable or disable multi-thread storage of the caller principal and credential. org.jboss.security.SecurityAssociation.setRunAsRole Provides access to the org.jboss.security.SecurityAssociation pushRunAsRole and popRunAsRole , pushRunAsIdentity and popRunAsIdentity methods. The risk involved with using this runtime permission is the ability to change the current caller run-as role principal. org.jboss.security.SecurityAssociation.accessContextInfo Provides access to the org.jboss.security.SecurityAssociation accessContextInfo, "Get" and accessContextInfo, "Set" methods, allowing you to both set and get the current security context info. org.jboss.naming.JndiPermission Provides special permissions to files and directories in a specified JNDI tree path, or recursively to all files and subdirectories. A JndiPermission consists of a pathname and a set of valid permissions related to the file or directory. The available permissions include: bind , rebind , unbind , lookup , list , listBindings , createSubcontext , and all . Pathnames ending in /* indicate the specified permissions apply to all files and directories of the pathname. Pathnames ending in /- indicate recursive permissions to all files and subdirectories of the pathname. Pathnames consisting of the special token < > matches any file in any directory. org.jboss.security.srp.SRPPermission A custom permission class for protecting access to sensitive SRP information like the private session key and private key. This permission does not have any actions defined. The getSessionKey target provides access to the private session key resulting from the SRP negotiation. Access to this key will allow you to encrypt and decrypt messages that have been encrypted with the session key. org.hibernate.secure.HibernatePermission This permission class provides basic permissions to secure Hibernate sessions. The target for this property is the entity name. The available actions include: insert , delete , update , read , * (all). org.jboss.metadata.spi.stack.MetaDataStackPermission Provides a custom permission class for controlling how callers interact with the metadata stack. The available permissions are: modify (push/pop onto the stack), peek (peek onto the stack), and * (all). org.jboss.config.spi.ConfigurationPermission Secures setting of configuration properties. Defines only permission target names, and no actions. The targets for this property include: - property which code has permission to set; * - all properties. org.jboss.kernel.KernelPermission Secures access to the kernel configuration. Defines only permission target names and no actions. The targets for this property include: access - access the kernel configuration; configure - configure the kernel (access is implied); * - all of the above. org.jboss.kernel.plugins.util.KernelLocatorPermission Secures access to the kernel. Defines only permission target names and no actions. The targets for this property include: kernel - access the kernel; * - access all areas.