X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FSecurityProfile.java;h=7d5242fa268dd026ac264a9f105149700ae776bb;hb=810aecacb19916bade7e4bcfcbbb54c301f672df;hp=358b212b1cbaf765690f44afbcfea7df399944b3;hpb=ca59ec5bdf16364159d8d826306c90762192e12c;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/SecurityProfile.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/SecurityProfile.java index 358b212b1..7d5242fa2 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/SecurityProfile.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/SecurityProfile.java @@ -6,9 +6,6 @@ import java.net.SocketPermission; import java.security.AllPermission; import java.util.PropertyPermission; -import javax.management.MBeanPermission; -import javax.management.MBeanServerPermission; -import javax.management.MBeanTrustPermission; import javax.security.auth.AuthPermission; import org.osgi.framework.AdminPermission; @@ -24,8 +21,6 @@ import org.osgi.service.condpermadmin.ConditionalPermissionInfo; import org.osgi.service.condpermadmin.ConditionalPermissionUpdate; import org.osgi.service.permissionadmin.PermissionInfo; -import bitronix.tm.BitronixTransactionManager; - public interface SecurityProfile { BundleContext bc = FrameworkUtil.getBundle(SecurityProfile.class).getBundleContext(); @@ -107,15 +102,15 @@ public interface SecurityProfile { // ConditionalPermissionInfo.ALLOW)); // Bitronix - update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { locate(BitronixTransactionManager.class) }) }, - new PermissionInfo[] { new PermissionInfo(PropertyPermission.class.getName(), "bitronix.tm.*", "read"), - new PermissionInfo(RuntimePermission.class.getName(), "getClassLoader", null), - new PermissionInfo(MBeanServerPermission.class.getName(), "createMBeanServer", null), - new PermissionInfo(MBeanPermission.class.getName(), "bitronix.tm.*", "registerMBean"), - new PermissionInfo(MBeanTrustPermission.class.getName(), "register", null) }, - ConditionalPermissionInfo.ALLOW)); +// update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null, +// new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), +// new String[] { locate(BitronixTransactionManager.class) }) }, +// new PermissionInfo[] { new PermissionInfo(PropertyPermission.class.getName(), "bitronix.tm.*", "read"), +// new PermissionInfo(RuntimePermission.class.getName(), "getClassLoader", null), +// new PermissionInfo(MBeanServerPermission.class.getName(), "createMBeanServer", null), +// new PermissionInfo(MBeanPermission.class.getName(), "bitronix.tm.*", "registerMBean"), +// new PermissionInfo(MBeanTrustPermission.class.getName(), "register", null) }, +// ConditionalPermissionInfo.ALLOW)); // DS Bundle dsBundle = findBundle("org.eclipse.equinox.ds"); @@ -135,7 +130,7 @@ public interface SecurityProfile { ConditionalPermissionInfo.ALLOW)); // Jetty - Bundle jettyUtilBundle = findBundle("org.eclipse.equinox.http.jetty"); + // Bundle jettyUtilBundle = findBundle("org.eclipse.equinox.http.jetty"); update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), new String[] { "*/org.eclipse.jetty.*" }) }, @@ -257,16 +252,14 @@ public interface SecurityProfile { new PermissionInfo(AdminPermission.class.getName(), "*", "*") }, ConditionalPermissionInfo.ALLOW)); Bundle luceneBundle = findBundle("org.apache.lucene"); - update.getConditionalPermissionInfos() - .add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { luceneBundle.getLocation() }) }, - new PermissionInfo[] { - new PermissionInfo(FilePermission.class.getName(), "<>", - "read,write,delete"), - new PermissionInfo(PropertyPermission.class.getName(), "*", "read"), - new PermissionInfo(AdminPermission.class.getName(), "*", "*") }, - ConditionalPermissionInfo.ALLOW)); + update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null, + new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), + new String[] { luceneBundle.getLocation() }) }, + new PermissionInfo[] { + new PermissionInfo(FilePermission.class.getName(), "<>", "read,write,delete"), + new PermissionInfo(PropertyPermission.class.getName(), "*", "read"), + new PermissionInfo(AdminPermission.class.getName(), "*", "*") }, + ConditionalPermissionInfo.ALLOW)); // COMMIT update.commit();