ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaha_5.4.0.1/rzahajgssjvmperm.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="JVM permissions" />
<meta name="DC.Relation" scheme="URI" content="rzahajgsscfgsecmgr.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssjaasperm.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahajgssjvmperm" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>JVM permissions</title>
</head>
<body id="rzahajgssjvmperm"><a name="rzahajgssjvmperm"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">JVM permissions</h1>
<div><p>In addition to the access control checks performed by JGSS, the Java™ virtual
machine (JVM) performs authorization checks when accessing a variety of resources,
including files, Java properties, packages, and sockets.</p>
<p>For more information about using JVM permissions, see <a href="http://java.sun.com/j2se/1.4/docs/guide/security/permissions.html" target="_blank">Permissions
in the Java 2 SDK</a>.</p>
<p>The following list identifies the permissions required when you use the
JAAS features of JGSS or use JGSS with a security manager:</p>
<ul><li>javax.security.auth.AuthPermission "modifyPrincipals"</li>
<li>javax.security.auth.AuthPermission "modifyPrivateCredentials"</li>
<li>javax.security.auth.AuthPermission "getSubject"</li>
</ul>
<ul><li>javax.security.auth.PrivateCredentialPermission           "javax.security.auth.kerberos.KerberosKey
javax.security.auth.kerberos.KerberosPrincipal      \"*\"", "read" </li>
<li>javax.security.auth.PrivateCredentialPermission           "javax.security.auth.kerberos.KerberosTicket
     javax.security.auth.kerberos.KerberosPrincipal \"*\"", "read" </li>
</ul>
<ul><li>java.util.PropertyPermission "com.ibm.security.jgss.debug", "read"</li>
<li>java.util.PropertyPermission "DEBUG", "read"</li>
<li>java.util.PropertyPermission "java.home", "read"</li>
<li>java.util.PropertyPermission "java.security.krb5.conf", "read"</li>
<li>java.util.PropertyPermission "java.security.krb5.kdc", "read"</li>
<li>java.util.PropertyPermission "java.security.krb5.realm", "read"</li>
<li>java.util.PropertyPermission "javax.security.auth.useSubjectCredsOnly",
"read"</li>
<li>java.util.PropertyPermission "user.dir", "read"</li>
<li>java.util.PropertyPermission "user.home", "read"</li>
</ul>
<ul><li>java.lang.RuntimePermission "accessClassInPackage.sun.security.action"</li>
</ul>
<ul><li>java.security.SecurityPermission "putProviderProperty.IBMJGSSProvider"</li>
</ul>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahajgsscfgsecmgr.htm" title="If you are running your JGSS application with a Java security manager enabled, you need to ensure that your application and JGSS have the necessary permissions.">Using a security manager</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahajgssjaasperm.htm" title="IBM JGSS performs runtime permission checks at the time the JAAS-enabled program uses credentials and accesses services. You can disable this optional JAAS feature by setting the Java property avax.security.auth.useSubjectCredsOnly to false. Moreover, JGSS performs permission checks only when the application runs with a security manager.">JAAS permission checks</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="concept" />`
			`<meta name="DC.Title" content="JVM permissions" />`
			`<meta name="DC.Relation" scheme="URI" content="rzahajgsscfgsecmgr.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzahajgssjaasperm.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rzahajgssjvmperm" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>JVM permissions</title>`
			`</head>`
			`<body id="rzahajgssjvmperm"><a name="rzahajgssjvmperm"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">JVM permissions</h1>`
			`<div><p>In addition to the access control checks performed by JGSS, the Java™ virtual`
			`machine (JVM) performs authorization checks when accessing a variety of resources,`
			`including files, Java properties, packages, and sockets.</p>`
			`<p>For more information about using JVM permissions, see <a href="http://java.sun.com/j2se/1.4/docs/guide/security/permissions.html" target="_blank">Permissions`
			`in the Java 2 SDK</a>.</p>`
			`<p>The following list identifies the permissions required when you use the`
			`JAAS features of JGSS or use JGSS with a security manager:</p>`
			`<ul><li>javax.security.auth.AuthPermission "modifyPrincipals"</li>`
			`<li>javax.security.auth.AuthPermission "modifyPrivateCredentials"</li>`
			`<li>javax.security.auth.AuthPermission "getSubject"</li>`
			`</ul>`
			`<ul><li>javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosKey`
			`javax.security.auth.kerberos.KerberosPrincipal \"*\"", "read" </li>`
			`<li>javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosTicket`
			`javax.security.auth.kerberos.KerberosPrincipal \"*\"", "read" </li>`
			`</ul>`
			`<ul><li>java.util.PropertyPermission "com.ibm.security.jgss.debug", "read"</li>`
			`<li>java.util.PropertyPermission "DEBUG", "read"</li>`
			`<li>java.util.PropertyPermission "java.home", "read"</li>`
			`<li>java.util.PropertyPermission "java.security.krb5.conf", "read"</li>`
			`<li>java.util.PropertyPermission "java.security.krb5.kdc", "read"</li>`
			`<li>java.util.PropertyPermission "java.security.krb5.realm", "read"</li>`
			`<li>java.util.PropertyPermission "javax.security.auth.useSubjectCredsOnly",`
			`"read"</li>`
			`<li>java.util.PropertyPermission "user.dir", "read"</li>`
			`<li>java.util.PropertyPermission "user.home", "read"</li>`
			`</ul>`
			`<ul><li>java.lang.RuntimePermission "accessClassInPackage.sun.security.action"</li>`
			`</ul>`
			`<ul><li>java.security.SecurityPermission "putProviderProperty.IBMJGSSProvider"</li>`
			`</ul>`
			`</div>`
			`<div>`
			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahajgsscfgsecmgr.htm" title="If you are running your JGSS application with a Java security manager enabled, you need to ensure that your application and JGSS have the necessary permissions.">Using a security manager</a></div>`
			`</div>`
			`<div class="relconcepts"><strong>Related concepts</strong><br />`
			`<div><a href="rzahajgssjaasperm.htm" title="IBM JGSS performs runtime permission checks at the time the JAAS-enabled program uses credentials and accesses services. You can disable this optional JAAS feature by setting the Java property avax.security.auth.useSubjectCredsOnly to false. Moreover, JGSS performs permission checks only when the application runs with a security manager.">JAAS permission checks</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`