SOLR-12801: Relax specific test permissions to help harden tests.

markrmiller 2018-12-10 09:38:01 -06:00
parent a1657616bb
commit bf0e9b367a
1 changed files with 6 additions and 20 deletions


@ -61,21 +61,11 @@ grant {
permission javax.management.MBeanTrustPermission "*";
permission javax.security.auth.AuthPermission "*";
permission javax.security.auth.PrivateCredentialPermission "org.apache.hadoop.security.Credentials * \"*\"", "read";
permission java.security.SecurityPermission "putProviderProperty.SaslPlainServer";
permission java.security.SecurityPermission "insertProvider.SaslPlainServer";
permission java.security.SecurityPermission "*";
permission javax.xml.bind.JAXBPermission "setDatatypeConverter";
// TIKA uses BouncyCastle and that registers new provider for PDF parsing + MSOffice parsing. Maybe report as bug!
permission java.security.SecurityPermission "putProviderProperty.BC";
permission java.security.SecurityPermission "insertProvider.BC";
// Needed for some things in DNS caching in the JVM
permission java.security.SecurityPermission "getProperty.networkaddress.cache.ttl";
permission java.security.SecurityPermission "getProperty.networkaddress.cache.negative.ttl";
// SSL related properties for Solr tests
permission java.security.SecurityPermission "getProperty.ssl.*";
permission javax.net.ssl.SSLPermission "setDefaultSSLContext";
permission javax.net.ssl.SSLPermission "*";
// SASL/Kerberos related properties for Solr tests
permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosTicket * \"*\"", "read";
@ -84,15 +74,11 @@ grant {
permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab * \"*\"", "read";
permission javax.security.auth.PrivateCredentialPermission "sun.security.jgss.krb5.Krb5Util$KeysFromKeyTab * \"*\"", "read";
permission javax.security.auth.kerberos.ServicePermission "krbtgt/EXAMPLE.COM@EXAMPLE.COM", "initiate";
permission javax.security.auth.kerberos.ServicePermission "zookeeper/localhost@EXAMPLE.COM", "initiate";
permission javax.security.auth.kerberos.ServicePermission "zookeeper/localhost@EXAMPLE.COM", "accept";
permission javax.security.auth.kerberos.ServicePermission "HTTP/127.0.0.1@EXAMPLE.COM", "initiate";
permission javax.security.auth.kerberos.ServicePermission "HTTP/127.0.0.1@EXAMPLE.COM", "accept";
permission javax.security.auth.kerberos.DelegationPermission "\"HTTP/127.0.0.1@EXAMPLE.COM\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"";
permission javax.security.auth.kerberos.ServicePermission "*", "initiate";
permission javax.security.auth.kerberos.ServicePermission "*", "accept";
permission javax.security.auth.kerberos.DelegationPermission "\"*\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"";
// java 8 accessibility requires this perm - should not after 8 I believe (rrd4j is the root reason we hit an accessibility code path)
permission java.awt.AWTPermission "listenToAllAWTEvents";
permission java.awt.AWTPermission "accessEventQueue";
permission java.awt.AWTPermission "*";
};
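Review bot: `permission java.security.SecurityPermission "*";` in the first hunk grants every SecurityPermission target, including `setPolicy` and `setProperty.*`, so code running under this test policy could replace the policy itself and the sandbox no longer constrains it. The +/- markers are lost on this page, so I am inferring from the 6-additions count that the six wildcard lines are the new side. If the aim is to stop enumerating provider and property names, prefix wildcards keep the scope narrow: `permission java.security.SecurityPermission "insertProvider.*";`, `permission java.security.SecurityPermission "putProviderProperty.*";` and `permission java.security.SecurityPermission "getProperty.*";`. The same concern applies to `java.awt.AWTPermission "*"` in the second hunk, which is wider than the two targets the Java 8 accessibility comment justifies. Any wildcard that stays should carry a comment naming the test or library that needs it, since the existing TIKA, DNS and SSL explanations appear to be among the deleted lines.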