Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-4100

Add info about default value for maximum-permissions into How To Configure Server Security

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Critical
    • 7.0.0.ER7
    • 7.0.0.ER7
    • Documentation
    • None

    Description

      Book: How To Configure Server Security
      Revision: 8001683

      Issue description:
      When maximum-permissions attribute is not set in the security-manager subsystem. Then it defaults to java.security.AllPermission (i.e. unlimited permissions). This behavior has to be documented as users could expect the default to be an empty list of permissions (i.e. no permissions).

      Suggestion for improvement:
      Add a note into the section "5.2.1. Defining Policies in the Security Manager Subsystem" with information about the default. E.g.
      If maximum-permissions attribute is not defined for /subsystem=security-manager/deployment-permissions then it's value defaults to java.security.AllPermission.

      Attachments

        Issue Links

          is blocked by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-2912 Missing documentation for Security Manager configuration changes

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Activity

            People

              zrhoads Zach Rhoads (Inactive)
              josef.cacek@gmail.com Josef Cacek (Inactive)
              Josef Cacek Josef Cacek (Inactive)
              Josef Cacek Josef Cacek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: