ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaha_5.4.0.1/rzahajgssjvmperm.htm

71 lines
4.4 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="JVM permissions" />
<meta name="DC.Relation" scheme="URI" content="rzahajgsscfgsecmgr.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssjaasperm.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahajgssjvmperm" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>JVM permissions</title>
</head>
<body id="rzahajgssjvmperm"><a name="rzahajgssjvmperm"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">JVM permissions</h1>
<div><p>In addition to the access control checks performed by JGSS, the Java™ virtual
machine (JVM) performs authorization checks when accessing a variety of resources,
including files, Java properties, packages, and sockets.</p>
<p>For more information about using JVM permissions, see <a href="http://java.sun.com/j2se/1.4/docs/guide/security/permissions.html" target="_blank">Permissions
in the Java 2 SDK</a>.</p>
<p>The following list identifies the permissions required when you use the
JAAS features of JGSS or use JGSS with a security manager:</p>
<ul><li>javax.security.auth.AuthPermission "modifyPrincipals"</li>
<li>javax.security.auth.AuthPermission "modifyPrivateCredentials"</li>
<li>javax.security.auth.AuthPermission "getSubject"</li>
</ul>
<ul><li>javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosKey
javax.security.auth.kerberos.KerberosPrincipal \"*\"", "read" </li>
<li>javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosTicket
javax.security.auth.kerberos.KerberosPrincipal \"*\"", "read" </li>
</ul>
<ul><li>java.util.PropertyPermission "com.ibm.security.jgss.debug", "read"</li>
<li>java.util.PropertyPermission "DEBUG", "read"</li>
<li>java.util.PropertyPermission "java.home", "read"</li>
<li>java.util.PropertyPermission "java.security.krb5.conf", "read"</li>
<li>java.util.PropertyPermission "java.security.krb5.kdc", "read"</li>
<li>java.util.PropertyPermission "java.security.krb5.realm", "read"</li>
<li>java.util.PropertyPermission "javax.security.auth.useSubjectCredsOnly",
"read"</li>
<li>java.util.PropertyPermission "user.dir", "read"</li>
<li>java.util.PropertyPermission "user.home", "read"</li>
</ul>
<ul><li>java.lang.RuntimePermission "accessClassInPackage.sun.security.action"</li>
</ul>
<ul><li>java.security.SecurityPermission "putProviderProperty.IBMJGSSProvider"</li>
</ul>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahajgsscfgsecmgr.htm" title="If you are running your JGSS application with a Java security manager enabled, you need to ensure that your application and JGSS have the necessary permissions.">Using a security manager</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahajgssjaasperm.htm" title="IBM JGSS performs runtime permission checks at the time the JAAS-enabled program uses credentials and accesses services. You can disable this optional JAAS feature by setting the Java property avax.security.auth.useSubjectCredsOnly to false. Moreover, JGSS performs permission checks only when the application runs with a security manager.">JAAS permission checks</a></div>
</div>
</div>
</body>
</html>