1.1.17.3.2. fejezet, Security

java.policy

grant codeBase "file:${java.home}/lib/ext/-" {
   permission java.security.AllPermission;
};

Primefaces

Permission getClassLoader in code source "(vfs:/opt/server/wildfly-10.1.0.Final/standalone/deployments/xxx.war/WEB-INF/lib/primefaces-6.0.jar)"

        <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
            <deployment-permissions>
                <minimum-set>
                    <permission class="java.lang.RuntimePermission" name="getClassLoader"/>
                    <permission class="java.io.FilePermission" name="${jboss.home.dir}/modules/-" actions="read"/>
...
                </minimum-set>
            </deployment-permissions>
        </subsystem>

Quartz

        <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
            <deployment-permissions>
                <minimum-set>
                    <permission class="java.util.PropertyPermission" name="*" actions="read,write"/>
                    <permission class="java.io.FilePermission" name="quartz.properties" actions="read"/>
...
                </minimum-set>
            </deployment-permissions>
        </subsystem>

PostgreSQL

        <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
            <deployment-permissions>
                <minimum-set>
                    <permission class="java.net.SocketPermission" name="localhost" actions="resolve"/>
                    <permission class="java.net.SocketPermission" name="127.0.0.1:5432" actions="connect,resolve"/>
...
                </minimum-set>
            </deployment-permissions>
        </subsystem>

javax.mail GMail

        <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
            <deployment-permissions>
                <minimum-set>
                    <permission class="java.net.SocketPermission" name="smtp.gmail.com" actions="resolve,connect"/>
                    <permission class="java.net.SocketPermission" name="imap.gmail.com" actions="resolve,connect"/>
...
                </minimum-set>
            </deployment-permissions>
        </subsystem>