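/**
 * Assembles the permissions this server is allowed to use and hands them to
 * {@code setSecurityPolicy}.
 *
 * <p>The grants are derived from configuration read via {@code readConfig()}:
 * the listen port, the optional {@code connect.outbound} allow-list, the optional
 * authentication server, fixed paths below {@code workDir()}, and a few
 * JMX/management permissions that are added only for the Oracle database flavor.
 *
 * <p>NOTE(review): if {@code setSecurityPolicy} relies on
 * {@code java.lang.SecurityManager}, be aware that it is deprecated for removal
 * since Java 17 (JEP 411); confirm this against the helper, which is not visible here.
 *
 * @return this instance, so calls can be chained
 * @throws Exception declared because the helpers called here may fail; the exact
 *         sources are not visible in this method
 */
private Main installSecurityPolicy() throws Exception {
    Config config = readConfig();
    List<Permission> permissions = new ArrayList<>();

    // Need access to the network interface/port to which we listen.
    // The "*" host covers every local interface; only the port is restricted.
    PortInfo listen = PortInfo.parseUrl(config.getString("listen.url", "http://localhost:8000"));
    permissions.add(new SocketPermission("*:" + listen.port(), "listen,resolve"));

    // Configurable list of servers to which we can connect.
    // Entries are passed to SocketPermission as written, so an operator-supplied
    // wildcard or a host without a port widens the grant accordingly; keep the
    // list to specific host:port pairs.
    String csv = config.getString("connect.outbound");
    if (csv != null) {
        for (String entry : csv.split(",")) {
            String target = entry.trim();
            // Skip blank entries ("", "a,,b", "a, ,b"): SocketPermission interprets an
            // empty host as localhost with no port restriction, which would silently
            // grant more than the configuration asked for.
            if (target.isEmpty()) {
                continue;
            }
            permissions.add(new SocketPermission(target, "connect,resolve"));
        }
    }

    // For fake security we need to act as a client to our own embedded authentication.
    // NOTE(review): the key name suggests a development-only mode; confirm it is
    // never enabled in production configuration.
    if (config.getBooleanOrFalse("insecure.fake.security")) {
        permissions.add(new SocketPermission("localhost:" + listen.port(), "connect,resolve"));
    }

    // Connecting to centralized authentication server (only when one is configured)
    PortInfo authServer = PortInfo.parseUrl(config.getString("auth.server.base.uri"));
    if (authServer != null) {
        permissions.add(new SocketPermission(authServer.host() + ":" + authServer.port(), "connect,resolve"));
    }

    // These two are for hsqldb to store its database files:
    // the directory itself, then everything below it ("/-" is recursive).
    permissions.add(new FilePermission(workDir() + "/.hsql", "read,write,delete"));
    permissions.add(new FilePermission(workDir() + "/.hsql/-", "read,write,delete"));

    // In case we are terminating SSL/TLS on the server (keystore is read-only)
    permissions.add(new FilePermission(workDir() + "/local.ssl.jks", "read"));

    // Vert.x default directory for handling file uploads.
    // NOTE(review): this grant names the directory itself only; unlike .hsql and conf
    // there is no "/-" entry for its contents - confirm uploads are covered as intended.
    permissions.add(new FilePermission(workDir() + "/file-uploads", "read,write"));

    // The SAML implementation needs these four (xml parsing; write metadata into conf)
    permissions.add(new FilePermission(workDir() + "/conf", "read,write"));
    permissions.add(new FilePermission(workDir() + "/conf/-", "read,write"));
    permissions.add(new SecurityPermission("org.apache.xml.security.register"));
    permissions.add(new PropertyPermission("org.apache.xml.security.ignoreLineBreaks", "write"));

    // Oracle JDBC driver requires these; other database flavors do not get them
    Flavor flavor = Flavor.fromJdbcUrl(config.getString("database.url", "jdbc:postgresql:"));
    if (flavor == Flavor.oracle) {
        permissions.add(new MBeanServerPermission("createMBeanServer"));
        permissions.add(new ManagementPermission("control"));
        permissions.add(new MBeanPermission("*", "registerMBean"));
        permissions.add(new MBeanTrustPermission("register"));
    }

    setSecurityPolicy(permissions.toArray(new Permission[0]));
    return this;
}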
Main.java 文件源码
项目:vertx-template