14.3. Writing Security Policy for JBoss Enterprise Application Platform
The included file jboss-as/bin/server.policy.cert is an example security policy for JBoss Enterprise Application Platform. You can use this file as the basis for your own security policy.
The policytool application, included with the JDK, provides a graphical tool for editing and writing security policy.
Important
Carefully consider what permissions you grant. Be particularly cautious about granting java.security.AllPermission: code holding it can potentially make changes to the system binaries, including the JVM runtime environment.
For a general treatment of security policy files and Java permissions, refer to the official Java documentation at http://docs.oracle.com/javase/6/docs/technotes/guides/security/PolicyFiles.html. JBoss-specific java.lang.RuntimePermissions are described below.
JBoss-specific Runtime Permissions

org.jboss.security.SecurityAssociation.getPrincipalInfo
- Provides access to the org.jboss.security.SecurityAssociation getPrincipal() and getCredential() methods. The risk involved with using this runtime permission is the ability to see the current thread caller and credentials.

org.jboss.security.SecurityAssociation.getSubject
- Provides access to the org.jboss.security.SecurityAssociation getSubject() method.

org.jboss.security.SecurityAssociation.setPrincipalInfo
- Provides access to the org.jboss.security.SecurityAssociation setPrincipal(), setCredential(), setSubject(), pushSubjectContext(), and popSubjectContext() methods. The risk involved with using this runtime permission is the ability to set the current thread caller and credentials.

org.jboss.security.SecurityAssociation.setServer
- Provides access to the org.jboss.security.SecurityAssociation setServer method. The risk involved with using this runtime permission is the ability to enable or disable multi-thread storage of the caller principal and credential.

org.jboss.security.SecurityAssociation.setRunAsRole
- Provides access to the org.jboss.security.SecurityAssociation pushRunAsRole and popRunAsRole, pushRunAsIdentity and popRunAsIdentity methods. The risk involved with using this runtime permission is the ability to change the current caller run-as role principal.

org.jboss.security.SecurityAssociation.accessContextInfo
- Provides access to the org.jboss.security.SecurityAssociation accessContextInfo, "Get" and accessContextInfo, "Set" methods, allowing you to both get and set the current security context info.

org.jboss.naming.JndiPermission
- Provides special permissions to files and directories in a specified JNDI tree path, or recursively to all files and subdirectories. A JndiPermission consists of a pathname and a set of valid permissions related to the file or directory. The available permissions include: bind, rebind, unbind, lookup, list, listBindings, createSubcontext, and all. Pathnames ending in /* indicate that the specified permissions apply to all files and directories of the pathname. Pathnames ending in /- indicate recursive permissions to all files and subdirectories of the pathname. Pathnames consisting of the special token <<ALL BINDINGS>> match any file in any directory.

org.jboss.security.srp.SRPPermission
- A custom permission class for protecting access to sensitive SRP information such as the private session key and private key. This permission does not have any actions defined. The getSessionKey target provides access to the private session key resulting from the SRP negotiation. Access to this key allows you to encrypt and decrypt messages that have been encrypted with the session key.

org.hibernate.secure.HibernatePermission
- This permission class provides basic permissions to secure Hibernate sessions. The target for this permission is the entity name. The available actions include: insert, delete, update, read, * (all).

org.jboss.metadata.spi.stack.MetaDataStackPermission
- Provides a custom permission class for controlling how callers interact with the metadata stack. The available permissions are: modify (push/pop onto the stack), peek (peek onto the stack), and * (all).

org.jboss.config.spi.ConfigurationPermission
- Secures setting of configuration properties. Defines only permission target names, and no actions. The targets for this permission include: <property name> - a property which code has permission to set; * - all properties.

org.jboss.kernel.KernelPermission
- Secures access to the kernel configuration. Defines only permission target names and no actions. The targets for this permission include: access - access the kernel configuration; configure - configure the kernel (access is implied); * - all of the above.

org.jboss.kernel.plugins.util.KernelLocatorPermission
- Secures access to the kernel. Defines only permission target names and no actions. The targets for this permission include: kernel - access the kernel; * - access all areas.