1 grant {

     2     permission java.util.PropertyPermission "*", "read,write";

     3     permission java.net.SocketPermission "*:*", "listen,resolve,accept,connect";

     4     permission java.io.FilePermission "/-", "read";

     5     permission java.io.FilePermission "*", "read,write,delete";

     6     permission java.lang.RuntimePermission "accessDeclaredMembers";

     7     permission java.lang.reflect.ReflectPermission "suppressAccessChecks";

     8     permission java.lang.RuntimePermission "accessClassInPackage.*";

     9     permission javax.security.auth.AuthPermission "doAs";

    10     permission javax.security.auth.AuthPermission "getSubject";

    11     permission javax.security.auth.AuthPermission

    12                     "createLoginContext.server_star";

    13     permission javax.security.auth.AuthPermission

    14                     "createLoginContext.server_multiple_principals";

    15     permission javax.security.auth.AuthPermission "modifyPrincipals";

    16     permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab java.security.Principal \"krb5.keytab.data\"", "read";

    17 

    18     // clients have a permission to use all service principals

    19     permission javax.security.auth.kerberos.ServicePermission "*", "initiate";

    20 

    21     // server has a service permission

    22     // to accept only service1 and service3 principals

    23     permission javax.security.auth.kerberos.ServicePermission

    24                     "host/service1.localhost@TEST.REALM", "accept";

    25     permission javax.security.auth.kerberos.ServicePermission

    26                     "host/service3.localhost@TEST.REALM", "accept";

    27 };