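<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Sample: JAAS policy file" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdownloadsource.htm" />
<meta name="DC.Relation" scheme="URI" content="codedisclaimer.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgsssampview.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahajgssjaaspoly" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Sample: JAAS policy file</title>
</head>
<body id="rzahajgssjaaspoly"><a name="rzahajgssjaaspoly"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Sample: JAAS policy file</h1>
<div><div class="section"><p>For more information about using the sample policy file, see <a href="rzahajgssdownloadsource.htm">Downloading and running the IBM<sup>®</sup> JGSS samples</a>.</p>
<p><strong>Note:</strong> Read
the <a href="codedisclaimer.htm">Code example disclaimer</a> for important
legal information. </p>
<!-- Policy listing: one grant block each for the client, the server and the
     secondary server. Every block is scoped to the sample JAR's CodeBase and
     to a single Kerberos principal. -->
<pre>// ----------------------------------------------------------------------------
// JAAS policy file for running the JGSS sample applications.
// Modify these permissions to suit your environment.
// Not recommended for use for any purpose other than that stated above.
// In particular, do not use this policy file or its
// contents to protect resources in a production environment.
//
// Code example disclaimer
// IBM grants you a nonexclusive copyright license to use all programming code
// examples from which you can generate similar function tailored to your own
// specific needs.
// All sample code is provided by IBM for illustrative purposes only.
// These examples have not been thoroughly tested under all conditions.
// IBM, therefore, cannot guarantee or imply reliability, serviceability, or
// function of these programs.
// All programs contained herein are provided to you "AS IS" without any
// warranties of any kind.
// The implied warranties of non-infringement, merchantability and fitness
// for a particular purpose are expressly disclaimed.
//
// ----------------------------------------------------------------------------

//-----------------------------------------------------------------------------
// Permissions for client only
//-----------------------------------------------------------------------------

grant CodeBase "file:ibmjgsssample.jar",
    Principal javax.security.auth.kerberos.KerberosPrincipal
        "bob@REALM.IBM.COM"
{
    // The client principal (bob) needs to be able to initiate a context with the server
    permission javax.security.auth.kerberos.ServicePermission
        "gss_service/myhost.ibm.com@REALM.IBM.COM", "initiate";

    // So that the client principal (bob) can delegate its credentials to the server.
    // Delegation lets the server act with the client's Kerberos identity, so
    // remove this permission if your application does not need delegation.
    permission javax.security.auth.kerberos.DelegationPermission
        "\"gss_service/myhost.ibm.com@REALM.IBM.COM\" \"krbtgt/REALM.IBM.COM@REALM.IBM.COM\"";
};

//-----------------------------------------------------------------------------
// Permissions for the server only
//-----------------------------------------------------------------------------

grant CodeBase "file:ibmjgsssample.jar",
    Principal javax.security.auth.kerberos.KerberosPrincipal
        "gss_service/myhost.ibm.com@REALM.IBM.COM"
{
    // Permission for the server to accept network connections on its host
    permission java.net.SocketPermission "myhost.ibm.com", "accept";

    // Permission for the server to accept JGSS contexts
    permission javax.security.auth.kerberos.ServicePermission
        "gss_service/myhost.ibm.com@REALM.IBM.COM", "accept";

    // The server acts as a client when communicating with the secondary (backup) server
    // This permission allows the server to initiate a context with the secondary server
    permission javax.security.auth.kerberos.ServicePermission
        "gss_service2/myhost.ibm.com@REALM.IBM.COM", "initiate";
};

//-----------------------------------------------------------------------------
// Permissions for the secondary server
//-----------------------------------------------------------------------------

grant CodeBase "file:ibmjgsssample.jar",
    Principal javax.security.auth.kerberos.KerberosPrincipal
        "gss_service2/myhost.ibm.com@REALM.IBM.COM"
{
    // Permission for the secondary server to accept network connections on its host
    permission java.net.SocketPermission "myhost.ibm.com", "accept";

    // Permission for the secondary server to accept JGSS contexts
    permission javax.security.auth.kerberos.ServicePermission
        "gss_service2/myhost.ibm.com@REALM.IBM.COM", "accept";
};</pre>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahajgsssampview.htm" title="The IBM Java Generic Security Service (JGSS) sample files include client and server programs, configuration files, policy files, and javadoc reference information. Use the following links to view HTML versions of the JGSS samples.">Viewing the IBM JGSS samples</a></div>
</div>

<div class="linklist"><strong>Collected links</strong><br />

<div><a href="rzahajgssdownloadsource.htm" title="This topic contains instructions for downloading and running the sample javadoc information.">Downloading and running
the IBM JGSS samples</a></div>
<div><a href="codedisclaimer.htm">Code example disclaimer</a></div></div>
</div>
</body>
</html>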