| grant { |
| permission java.util.PropertyPermission "*", "read,write"; |
| permission java.net.SocketPermission "*:*", "listen,resolve,accept,connect"; |
| permission java.io.FilePermission "/-", "read"; |
| permission java.io.FilePermission "*", "read,write,delete"; |
| permission java.lang.RuntimePermission "accessDeclaredMembers"; |
| permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; |
| permission java.lang.RuntimePermission "accessClassInPackage.*"; |
| permission javax.security.auth.AuthPermission "doAs"; |
| permission javax.security.auth.AuthPermission "getSubject"; |
| permission javax.security.auth.AuthPermission |
| "createLoginContext.server_star"; |
| permission javax.security.auth.AuthPermission |
| "createLoginContext.server_multiple_principals"; |
| permission javax.security.auth.AuthPermission "modifyPrincipals"; |
| permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab java.security.Principal \"krb5.keytab.data\"", "read"; |
| |
| // clients have a permission to use all service principals |
| permission javax.security.auth.kerberos.ServicePermission "*", "initiate"; |
| |
| // server has a service permission |
| // to accept only service1 and service3 principals |
| permission javax.security.auth.kerberos.ServicePermission |
| "host/service1.localhost@TEST.REALM", "accept"; |
| permission javax.security.auth.kerberos.ServicePermission |
| "host/service3.localhost@TEST.REALM", "accept"; |
| }; |