zhouyl
/
jw-deploy
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
jw项目windows环境软件安装
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
741 MiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
jw-deploy/elasticsearch/modules/x-pack-security/plugin-security.policy

34 lines
2.2 KiB
Raw Permalink Normal View History

first commit
1 year ago
  1. grant {
  2. permission java.lang.RuntimePermission "setFactory";
  4. // needed for SAML
  5. permission java.util.PropertyPermission "org.apache.xml.security.ignoreLineBreaks", "read,write";
  7. // needed during initialization of OpenSAML library where xml security algorithms are registered
  8. // see https://github.com/apache/santuario-java/blob/e79f1fe4192de73a975bc7246aee58ed0703343d/src/main/java/org/apache/xml/security/utils/JavaUtils.java#L205-L220
  9. // and https://git.shibboleth.net/view/?p=java-opensaml.git;a=blob;f=opensaml-xmlsec-impl/src/main/java/org/opensaml/xmlsec/signature/impl/SignatureMarshaller.java;hb=db0eaa64210f0e32d359cd6c57bedd57902bf811#l52
  10. // which uses it in the opensaml-xmlsec-impl
  11. permission java.security.SecurityPermission "org.apache.xml.security.register";
  13. // needed for multiple server implementations used in tests
  14. permission java.net.SocketPermission "*", "accept,connect";
  16. // needed for Kerberos login
  17. permission javax.security.auth.AuthPermission "modifyPrincipals";
  18. permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
  19. permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosKey * \"*\"", "read";
  20. permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab * \"*\"", "read";
  21. permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosTicket * \"*\"", "read";
  22. permission javax.security.auth.AuthPermission "doAs";
  23. permission javax.security.auth.kerberos.ServicePermission "*","initiate,accept";
  25. permission java.util.PropertyPermission "javax.security.auth.useSubjectCredsOnly","write";
  26. permission java.util.PropertyPermission "java.security.krb5.conf","write";
  27. permission java.util.PropertyPermission "sun.security.krb5.debug","write";
  28. permission java.util.PropertyPermission "java.security.debug","write";
  29. permission java.util.PropertyPermission "sun.security.spnego.debug","write";
  31. // needed for kerberos file permission tests to access user information
  32. permission java.lang.RuntimePermission "accessUserInformation";
  33. permission java.lang.RuntimePermission "getFileStoreAttributes";
  34. };