// Permissions specific to Jetty // This is an example policy file that can be used to restrict Jetty. // It should be used with a command like: // java -Djetty.home=$JETTY_HOME -Dwebapp=jetty -Djava.security.manager -Djava.security.policy=file:$JETTY_HOME/etc/jetty.policy com.mortbay.Jetty.Demo // grant codeBase "file:${jetty.home}/lib/-" { permission java.net.SocketPermission "localhost:1-65536", "connect,accept,listen,resolve"; permission java.net.SocketPermission "*", "accept,resolve"; permission java.util.PropertyPermission "*", "read,write"; permission java.io.FilePermission "${jetty.home}${/}-", "read"; permission java.io.FilePermission "${jetty.home}${/}logs${/}*", "read,write,delete"; permission java.io.FilePermission "${jetty.home}${/}cgi-bin${/}-", "read,execute"; permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete"; permission java.security.SecurityPermission "putProviderProperty.SunJSSE"; permission java.security.SecurityPermission "insertProvider.SunJSSE"; permission java.lang.RuntimePermission "createClassLoader"; permission java.lang.RuntimePermission "setContextClassLoader"; permission java.lang.RuntimePermission "accessClassInPackage.sun.tools.*"; }; // Permissions specific to a particular web application grant codeBase "file:${jetty.home}/webapps/${webapp}/WEB-INF/-" { permission java.io.FilePermission "file:${jetty.home}/webapps/${webapp}/-", "read"; }; // Permissions for JSPs and other temp classes grant codeBase "file:${java.io.tmpdir}/-" { permission java.io.FilePermission "file:${jetty.home}/webapps/${webapp}/-", "read"; }; // Stuff loaded from the extensions library can do anything! grant codeBase "file:${java.home}/lib/ext/-" { permission java.security.AllPermission; }; // Everything gets these permissions: grant { permission java.io.FilePermission "${jetty.home}${/}-", "read"; permission java.io.FilePermission "${java.home}${/}-", "read"; permission java.io.FilePermission "/usr/local/jdk/jdk1.2.2.006/lib/tools.jar", "read"; permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete"; permission java.util.PropertyPermission "*", "read"; permission java.lang.RuntimePermission "getClassLoader"; permission java.lang.RuntimePermission "accessClassInPackage.sun.tools.*"; };