grant
{
permission java.net.SocketPermission "*:1024-635535","connect,accept";
permission java.io.FilePermission "c:\\rmi\\-","read";
};
别忘给分
{
permission java.net.SocketPermission "*:1024-635535","connect,accept";
permission java.io.FilePermission "c:\\rmi\\-","read";
};
别忘给分
// Description: Security policy for the HelloEnterprise example
// Note: To see these security permissions in action use the
// -Djava.security.debug=access:failure runtime option
// on the java command line.
//
// Enhydra services get most permissions
//
grant codeBase "file:@ENHYDRA_DIR@/lib/-" {
permission java.lang.RuntimePermission "setIO";
permission java.util.PropertyPermission "*", "read, write";
permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete";
permission java.net.SocketPermission "*", "accept, connect, listen, resolve";
permission java.net.NetPermission "*";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.security.SecurityPermission "getPolicy";
};// Application and services need these, but shouldn't if fully integrated
// with the services architecture.
//
grant codeBase "file:@EXAMPLE_OUTPUT@/lib/-" {
permission java.util.PropertyPermission "*", "read, write";
permission java.net.SocketPermission "*", "accept, connect, listen, resolve";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "setContextClassLoader"; // Note that FilePermission paths are platform specific, so we
// have to provide both Unix and Windows (.BATCH) file forms.
permission java.io.FilePermission "@BAT_EXAMPLE_OUTPUT@\-", "read, write, delete";
permission java.io.FilePermission "@EXAMPLE_OUTPUT@/-", "read, write, delete";
permission java.io.FilePermission "@BAT_ENHYDRA_DIR@\lib\-", "read";
permission java.io.FilePermission "@ENHYDRA_DIR@/lib/-", "read";
permission java.io.FilePermission "@JDKDIR@/lib/-", "read";
permission java.io.FilePermission "@BAT_JDKDIR@\-", "read"; // Needed by InstantDB.
permission java.io.FilePermission "@BAT_EXAMPLE_OUTPUT@\traceAccount.log", "write";
permission java.io.FilePermission "@EXAMPLE_OUTPUT@/traceAccount.log", "write";
};// Servlet container currently stores web-war classes here, these need to move
// under the application codebase. The extra runtime permissions should not
// be needed if the servlets used the services architecture properly.
//
grant codeBase "file:@ENHYDRA_DIR@/webapps/HelloEnterprise/-" { // Needed by JtaServlet
permission java.util.PropertyPermission "*", "read";
permission java.io.FilePermission "@BAT_EXAMPLE_OUTPUT@\-", "read";
permission java.io.FilePermission "@EXAMPLE_OUTPUT@/-", "read";
permission java.lang.RuntimePermission "getClassLoader"; // Needed by RMI for session bean servlet.
permission java.net.SocketPermission "*", "connect, resolve"; // Needed by InstantDB.
permission java.io.FilePermission "@BAT_EXAMPLE_OUTPUT@\tmp\-", "read, write, delete";
permission java.io.FilePermission "@EXAMPLE_OUTPUT@/tmp/-", "read, write, delete";
permission java.io.FilePermission "@BAT_EXAMPLE_OUTPUT@\traceAccount.log", "write";
permission java.io.FilePermission "@EXAMPLE_OUTPUT@/traceAccount.log", "write"; // Needed by Jonas RMI stubs, although the server will run without these
// permissions, a lot of security errors are thrown and handled.
permission java.io.FilePermission "@BAT_ENHYDRA_DIR@\lib\-", "read";
permission java.io.FilePermission "@ENHYDRA_DIR@/lib/-", "read";
permission java.io.FilePermission "@BAT_JDKDIR@\lib\-", "read";
permission java.io.FilePermission "@JDKDIR@/lib/-", "read";};