// This grant entry has no codeBase, signedBy or principal clause, so every
// permission in it applies to all code running under this policy.
// NOTE(review): the realm and host names used further down (TEST.REALM,
// *.localhost) suggest a test fixture; confirm before reusing, since these
// grants are far broader than a deployed policy should carry.
grant {
// Read and write access to every system property ("*").
// NOTE(review): write access includes security-relevant properties such as
// java.security.krb5.conf and java.security.auth.login.config, so any code
// under this policy can repoint Kerberos and JAAS configuration.
permission java.util.PropertyPermission "*", "read,write";
// Any host on any port ("*:*") with every socket action: no network
// restriction is enforced by this policy.
permission java.net.SocketPermission "*:*", "listen,resolve,accept,connect";
// "/-" is recursive from the filesystem root: read access to every file the
// JVM process itself can read, which would include any keytab or credential
// cache stored on disk.
permission java.io.FilePermission "/-", "read";
// "*" matches the files directly inside the current working directory (not
// recursive); they may be read, written and deleted.
permission java.io.FilePermission "*", "read,write,delete";
// Allows reflective lookup of the declared (including non-public) members of
// a class.
permission java.lang.RuntimePermission "accessDeclaredMembers";
// Allows setAccessible(true) to bypass Java language access checks.
// NOTE(review): together with accessDeclaredMembers this makes the private
// state of any reachable object readable and writable via reflection.
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
// Wildcard over every package name, so the package-access restriction
// (packages listed in the package.access security property) no longer
// protects JDK-internal packages from code under this policy.
permission java.lang.RuntimePermission "accessClassInPackage.*";
// Required to invoke Subject.doAs, i.e. to run an action as an authenticated
// Subject.
permission javax.security.auth.AuthPermission "doAs";
// Required to call Subject.getSubject and retrieve the Subject associated
// with an access control context.
permission javax.security.auth.AuthPermission "getSubject";
permission javax.security.auth.AuthPermission
"createLoginContext.server_star";
permission javax.security.auth.AuthPermission
"createLoginContext.server_multiple_principals";
// Allows adding to or removing from a Subject's Principal set.
permission javax.security.auth.AuthPermission "modifyPrincipals";
// Read access to private credentials of class KeyTab held by a Subject that
// carries a java.security.Principal named "krb5.keytab.data". A keytab holds
// long-term Kerberos keys, so this is the most sensitive read in the policy.
permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab java.security.Principal \"krb5.keytab.data\"", "read";
// clients are permitted to initiate security contexts to any service principal ("*")
permission javax.security.auth.kerberos.ServicePermission "*", "initiate";
// server has a service permission
// to accept only service1 and service3 principals
permission javax.security.auth.kerberos.ServicePermission
"host/service1.localhost@TEST.REALM", "accept";
permission javax.security.auth.kerberos.ServicePermission
"host/service3.localhost@TEST.REALM", "accept";
};