// Java security policy: one grant entry with no codeBase or signedBy clause,
// so every permission below applies to all code sources, not to one component.
grant {
    // --- Runtime environment ---------------------------------------------
    // Read and write access to every system property.
    permission java.util.PropertyPermission "*", "read,write";

    // Network access to any host on any port, outbound and inbound.
    permission java.net.SocketPermission "*:*", "listen,resolve,accept,connect";

    // "/-" is recursive: read access to every file under the filesystem root.
    permission java.io.FilePermission "/-", "read";
    // "*" is non-recursive: files directly in the current working directory.
    permission java.io.FilePermission "*", "read,write,delete";

    // --- Reflection and package access -----------------------------------
    // Together these allow reading and changing non-public members and loading
    // classes from any package, which removes encapsulation as a boundary.
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.lang.RuntimePermission "accessClassInPackage.*";

    // --- JAAS ------------------------------------------------------------
    // Run code as a Subject and look up the current Subject.
    permission javax.security.auth.AuthPermission "doAs";
    permission javax.security.auth.AuthPermission "getSubject";
    // LoginContext creation is limited to these two named login entries.
    permission javax.security.auth.AuthPermission "createLoginContext.server_star";
    permission javax.security.auth.AuthPermission "createLoginContext.server_multiple_principals";
    // Allows changing the Principal set of a Subject.
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    // Read access to KeyTab private credentials held by a Subject whose
    // principal is named "krb5.keytab.data"; this exposes long-term key material.
    permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab java.security.Principal \"krb5.keytab.data\"", "read";

    // --- Kerberos service permissions ------------------------------------
    // Client side: may initiate a security context to any service principal.
    permission javax.security.auth.kerberos.ServicePermission "*", "initiate";

    // Server side: "accept" is granted for the service1 and service3 principals
    // only; no other service principal is listed here.
    permission javax.security.auth.kerberos.ServicePermission "host/service1.localhost@TEST.REALM", "accept";
    permission javax.security.auth.kerberos.ServicePermission "host/service3.localhost@TEST.REALM", "accept";
};