ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaha_5.4.0.1/rzahajgssjavapoly.htm

114 lines
6.0 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Sample: Java policy file" />
<meta name="DC.Relation" scheme="URI" content="rzahajgsssampview.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahajgssjavapoly" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Sample: Java policy file</title>
</head>
<body id="rzahajgssjavapoly"><a name="rzahajgssjavapoly"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Sample: Java™ policy file</h1>
<div><div class="section"><p>For more information about using the sample policy file, see <a href="rzahajgssdownloadsource.htm">Downloading and running the IBM<sup>®</sup> JGSS samples</a>.</p>
<p><strong>Note:</strong> Read
the <a href="codedisclaimer.htm">Code example disclaimer</a> for important
legal information. </p>
<pre>// -----------------------------------------------------------------
// Java policy file for running the JGSS sample applications on
// the iSeries server.
// Modify these permissions to suit your environment.
// Not recommended for use for any purpose other than that stated above.
// In particular, do not use this policy file or its
// contents to protect resources in a production environment.
//
// Code example disclaimer
// IBM grants you a nonexclusive copyright license to use all programming code
// examples from which you can generate similar function tailored to your own
// specific needs.
// All sample code is provided by IBM for illustrative purposes only.
// These examples have not been thoroughly tested under all conditions.
// IBM, therefore, cannot guarantee or imply reliability, serviceability, or
// function of these programs.
// All programs contained herein are provided to you "AS IS" without any
// warranties of any kind.
// The implied warranties of non-infringement, merchantability and fitness
// for a particular purpose are expressly disclaimed.
//
//---------------------------------------------------------------------
grant CodeBase "file:ibmjgsssample.jar" {
// For Java 1.3
permission javax.security.auth.AuthPermission "createLoginContext";
// For Java 1.4
permission javax.security.auth.AuthPermission "createLoginContext.JAASClient";
permission javax.security.auth.AuthPermission "createLoginContext.JAASServer";
permission javax.security.auth.AuthPermission "doAsPrivileged";
// Permission to request a ticket from the KDC
permission javax.security.auth.kerberos.ServicePermission
"krbtgt/REALM.IBM.COM@REALM.IBM.COM", "initiate";
// Permission to access sun.security.action classes
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.action";
// A whole bunch of Java properties are accessed
permission java.util.PropertyPermission "java.net.preferIPv4Stack", "read";
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.home", "read";
permission java.util.PropertyPermission "user.home", "read";
permission java.util.PropertyPermission "DEBUG", "read";
permission java.util.PropertyPermission "com.ibm.security.jgss.debug", "read";
permission java.util.PropertyPermission "java.security.krb5.kdc", "read";
permission java.util.PropertyPermission "java.security.krb5.realm", "read";
permission java.util.PropertyPermission "java.security.krb5.conf", "read";
permission java.util.PropertyPermission "javax.security.auth.useSubjectCredsOnly",
"read,write";
// Permission to communicate with the Kerberos KDC host
permission java.net.SocketPermission "kdc.ibm.com", "connect,accept,resolve";
// I run the samples from my localhost
permission java.net.SocketPermission "myhost.ibm.com", "accept,connect,resolve";
permission java.net.SocketPermission "localhost", "listen,accept,connect,resolve";
// Access to some possible Kerberos config locations
// Modify the file paths as applicable to your environment
permission java.io.FilePermission "${user.home}/krb5.ini", "read";
permission java.io.FilePermission "${java.home}/lib/security/krb5.conf", "read";
// Access to the Kerberos key table so we can get our server key.
permission java.io.FilePermission
"/QIBM/UserData/OS400/NetworkAuthentication/keytab/krb5.keytab", "read";
// Access to the user's Kerberos credentials cache.
permission java.io.FilePermission "${user.home}/krb5cc_${user.name}",
"read";
};</pre>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahajgsssampview.htm" title="The IBM Java Generic Security Service (JGSS) sample files include client and server programs, configuration files, policy files, and javadoc reference information. Use the following links to view HTML versions of the JGSS samples.">Viewing the IBM JGSS samples</a></div>
</div>
</div>
</body>
</html>