|
1 grant { |
|
2 permission java.util.PropertyPermission "*", "read,write"; |
|
3 permission java.net.SocketPermission "*:*", "listen,resolve,accept,connect"; |
|
4 permission java.io.FilePermission "*", "read,write,delete"; |
|
5 permission java.lang.RuntimePermission "accessDeclaredMembers"; |
|
6 permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; |
|
7 permission java.lang.RuntimePermission "accessClassInPackage.*"; |
|
8 permission javax.security.auth.AuthPermission "doAs"; |
|
9 permission javax.security.auth.AuthPermission "getSubject"; |
|
10 permission javax.security.auth.AuthPermission |
|
11 "createLoginContext.server_star"; |
|
12 permission javax.security.auth.AuthPermission |
|
13 "createLoginContext.server_multiple_principals"; |
|
14 permission javax.security.auth.AuthPermission "modifyPrincipals"; |
|
15 permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab java.security.Principal \"krb5.keytab.data\"", "read"; |
|
16 |
|
17 // clients have a permission to use all service principals |
|
18 permission javax.security.auth.kerberos.ServicePermission "*", "initiate"; |
|
19 |
|
20 // server has a service permission |
|
21 // to accept only service1 and service3 principals |
|
22 permission javax.security.auth.kerberos.ServicePermission |
|
23 "host/service1.localhost@TEST.REALM", "accept"; |
|
24 permission javax.security.auth.kerberos.ServicePermission |
|
25 "host/service3.localhost@TEST.REALM", "accept"; |
|
26 }; |