Menu Close
Settings Close

Language and Page Formatting Options

Red Hat Training

A Red Hat training course is available for JBoss Enterprise Application Platform Common Criteria Certification

2.5.5. Required changes to the included JSM policy

The supplied Java Security Manager policy file that is included with JBoss EAP must be modified as specified below. The policy file that must be edited is ${JBOSS_HOME}/bin/security_cc.policy. The copy of the complete modified policy file can be found in Appendix D, Required Java Security Manager Policy File.
    • codeBase "file:${jboss.server.home.dir}/tmp/-" in section 3:
      • Added two more javax.security.auth.PrivateCredentialPermission as follows:
        permission javax.security.auth.PrivateCredentialPermission "javax.crypto.spec.SecretKeySpec * \"*\"", "read";
        permission javax.security.auth.PrivateCredentialPermission "org.jboss.security.srp.SRPParameters * \"*\"", "read";
      • permission java.net.SocketPermission "*", "connect,accept,resolve"; moved from general grant in section 5 to this codeBase.
      • permission org.jboss.naming.JndiPermission "JAXR", "bind,rebind,unbind,lookup,list,listBindings,createSubcontext"; added to this codeBase.
      For details refer to the grant for code base "file:${jboss.server.home.dir}/tmp/-" in Section 3 of the security_cc.policy file detailed in Appendix D, Required Java Security Manager Policy File.
  1. Section 4 changes
    • Testsuite changes to make all tests pass under security manager.
    • Startup time related change
    • JNDI binding problem fixed with adding proper permission to test deploy directory
    • Minor changes in Oracle JDBC driver permissions need for IBM JRE 1.6 to pass the tests
    For details see Section 4 of security_cc.policy file in Appendix D, Required Java Security Manager Policy File.
  2. Section 5 Changes
    The following 2 items have been removed from the general grant section.
    • permission java.util.PropertyPermission "*", "read";
    • permission java.net.SocketPermission "*", "connect";
    For details see Section 5 of security_cc.policy file in Appendix D, Required Java Security Manager Policy File.
  3. More detailed comments added throughout the policy file.