mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-10 23:15:04 +00:00
9cd397727f
The LDAP realm is a bind-per-user strategy and the group lookup strategy is configurable. If a role mapping file is not defined, groups names are taken as role names. Special configuration for active directory simplifies the configuration. Integration Tests are using an embedded apache DS LDAP Server. Original commit: elastic/x-pack-elasticsearch@ce20e1b3be
43 lines
2.1 KiB
Plaintext
43 lines
2.1 KiB
Plaintext
grant {
|
|
// permissions for file access, write access only to sandbox:
|
|
permission java.io.FilePermission "<<ALL FILES>>", "read,execute";
|
|
permission java.io.FilePermission "${junit4.childvm.cwd}", "read,execute,write";
|
|
permission java.io.FilePermission "${junit4.childvm.cwd}${/}-", "read,execute,write,delete";
|
|
permission java.io.FilePermission "${junit4.tempDir}${/}*", "read,execute,write,delete";
|
|
permission groovy.security.GroovyCodeSourcePermission "/groovy/script";
|
|
|
|
// Allow connecting to the internet anywhere
|
|
permission java.net.SocketPermission "*", "accept,listen,connect,resolve";
|
|
|
|
// Basic permissions needed for Lucene / Elasticsearch to work:
|
|
permission java.util.PropertyPermission "*", "read,write";
|
|
permission java.lang.reflect.ReflectPermission "*";
|
|
permission java.lang.RuntimePermission "*";
|
|
|
|
// These two *have* to be spelled out a separate
|
|
permission java.lang.management.ManagementPermission "control";
|
|
permission java.lang.management.ManagementPermission "monitor";
|
|
|
|
permission java.net.NetPermission "*";
|
|
permission java.util.logging.LoggingPermission "control";
|
|
permission javax.management.MBeanPermission "*", "*";
|
|
permission javax.management.MBeanServerPermission "*";
|
|
permission javax.management.MBeanTrustPermission "*";
|
|
|
|
// Needed for some things in DNS caching in the JVM
|
|
permission java.security.SecurityPermission "getProperty.networkaddress.cache.ttl";
|
|
permission java.security.SecurityPermission "getProperty.networkaddress.cache.negative.ttl";
|
|
|
|
// Needed for accept all ssl certs in tests
|
|
permission javax.net.ssl.SSLPermission "setHostnameVerifier";
|
|
|
|
// Needed to startup embedded apacheDS LDAP server for tests
|
|
permission java.security.SecurityPermission "putProviderProperty.BC";
|
|
permission java.security.SecurityPermission "insertProvider.BC";
|
|
permission java.security.SecurityPermission "getProperty.ssl.KeyManagerFactory.algorithm";
|
|
|
|
//this shouldn't be in a production environment, just to run tests:
|
|
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
|
|
permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
|
|
};
|