114 lines
6.0 KiB
HTML
114 lines
6.0 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="reference" />
|
|
<meta name="DC.Title" content="Sample: Java policy file" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzahajgsssampview.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rzahajgssjavapoly" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Sample: Java policy file</title>
|
|
</head>
|
|
<body id="rzahajgssjavapoly"><a name="rzahajgssjavapoly"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Sample: Java™ policy file</h1>
|
|
<div><div class="section"><p>For more information about using the sample policy file, see <a href="rzahajgssdownloadsource.htm">Downloading and running the IBM<sup>®</sup> JGSS samples</a>.</p>
|
|
<p><strong>Note:</strong> Read
|
|
the <a href="codedisclaimer.htm">Code example disclaimer</a> for important
|
|
legal information. </p>
|
|
<pre>// -----------------------------------------------------------------
|
|
// Java policy file for running the JGSS sample applications on
|
|
// the iSeries server.
|
|
// Modify these permissions to suit your environment.
|
|
// Not recommended for use for any purpose other than that stated above.
|
|
// In particular, do not use this policy file or its
|
|
// contents to protect resources in a production environment.
|
|
//
|
|
// Code example disclaimer
|
|
// IBM grants you a nonexclusive copyright license to use all programming code
|
|
// examples from which you can generate similar function tailored to your own
|
|
// specific needs.
|
|
// All sample code is provided by IBM for illustrative purposes only.
|
|
// These examples have not been thoroughly tested under all conditions.
|
|
// IBM, therefore, cannot guarantee or imply reliability, serviceability, or
|
|
// function of these programs.
|
|
// All programs contained herein are provided to you "AS IS" without any
|
|
// warranties of any kind.
|
|
// The implied warranties of non-infringement, merchantability and fitness
|
|
// for a particular purpose are expressly disclaimed.
|
|
//
|
|
//---------------------------------------------------------------------
|
|
|
|
grant CodeBase "file:ibmjgsssample.jar" {
|
|
// For Java 1.3
|
|
permission javax.security.auth.AuthPermission "createLoginContext";
|
|
|
|
// For Java 1.4
|
|
permission javax.security.auth.AuthPermission "createLoginContext.JAASClient";
|
|
permission javax.security.auth.AuthPermission "createLoginContext.JAASServer";
|
|
|
|
permission javax.security.auth.AuthPermission "doAsPrivileged";
|
|
|
|
// Permission to request a ticket from the KDC
|
|
permission javax.security.auth.kerberos.ServicePermission
|
|
"krbtgt/REALM.IBM.COM@REALM.IBM.COM", "initiate";
|
|
|
|
// Permission to access sun.security.action classes
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.action";
|
|
|
|
// A whole bunch of Java properties are accessed
|
|
permission java.util.PropertyPermission "java.net.preferIPv4Stack", "read";
|
|
permission java.util.PropertyPermission "java.version", "read";
|
|
permission java.util.PropertyPermission "java.home", "read";
|
|
permission java.util.PropertyPermission "user.home", "read";
|
|
permission java.util.PropertyPermission "DEBUG", "read";
|
|
permission java.util.PropertyPermission "com.ibm.security.jgss.debug", "read";
|
|
permission java.util.PropertyPermission "java.security.krb5.kdc", "read";
|
|
permission java.util.PropertyPermission "java.security.krb5.realm", "read";
|
|
permission java.util.PropertyPermission "java.security.krb5.conf", "read";
|
|
permission java.util.PropertyPermission "javax.security.auth.useSubjectCredsOnly",
|
|
"read,write";
|
|
|
|
// Permission to communicate with the Kerberos KDC host
|
|
permission java.net.SocketPermission "kdc.ibm.com", "connect,accept,resolve";
|
|
|
|
// I run the samples from my localhost
|
|
permission java.net.SocketPermission "myhost.ibm.com", "accept,connect,resolve";
|
|
permission java.net.SocketPermission "localhost", "listen,accept,connect,resolve";
|
|
|
|
// Access to some possible Kerberos config locations
|
|
// Modify the file paths as applicable to your environment
|
|
permission java.io.FilePermission "${user.home}/krb5.ini", "read";
|
|
permission java.io.FilePermission "${java.home}/lib/security/krb5.conf", "read";
|
|
|
|
// Access to the Kerberos key table so we can get our server key.
|
|
permission java.io.FilePermission
|
|
"/QIBM/UserData/OS400/NetworkAuthentication/keytab/krb5.keytab", "read";
|
|
|
|
// Access to the user's Kerberos credentials cache.
|
|
permission java.io.FilePermission "${user.home}/krb5cc_${user.name}",
|
|
"read";
|
|
};</pre>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahajgsssampview.htm" title="The IBM Java Generic Security Service (JGSS) sample files include client and server programs, configuration files, policy files, and javadoc reference information. Use the following links to view HTML versions of the JGSS samples.">Viewing the IBM JGSS samples</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |