// Java security policy for a Kerberos client and server sharing one JVM policy.
//
// The grant entry has no codeBase, signedBy or principal clause, so every
// permission below applies to all code evaluated under this policy.
//
// NOTE(review): the TEST.REALM realm and *.localhost hosts suggest a test
// fixture -- confirm before reusing. Only the two "accept" ServicePermission
// entries at the bottom are narrowly scoped; the rest are wildcard grants.
grant {
    // ---- General runtime access (wildcards) ----

    // Read and write any system property.
    permission java.util.PropertyPermission "*", "read,write";

    // Any host, any port, every socket action.
    permission java.net.SocketPermission "*:*", "listen,resolve,accept,connect";

    // "/-" is a recursive read of the whole file system; "*" covers the
    // files directly inside the current directory (not subdirectories).
    permission java.io.FilePermission "/-", "read";
    permission java.io.FilePermission "*", "read,write,delete";

    // ---- Reflection ----
    // suppressAccessChecks lets code bypass Java language access checks on
    // members it obtains reflectively, and accessClassInPackage.* opens
    // every restricted package, so these three entries together leave little
    // encapsulation between classes in this JVM.
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.lang.RuntimePermission "accessClassInPackage.*";

    // ---- JAAS ----
    // Subject handling: run code as a Subject, look the Subject up, and
    // change its principal set.
    permission javax.security.auth.AuthPermission "doAs";
    permission javax.security.auth.AuthPermission "getSubject";
    permission javax.security.auth.AuthPermission "modifyPrincipals";

    // LoginContext creation is limited to these two named login
    // configuration entries.
    permission javax.security.auth.AuthPermission "createLoginContext.server_star";
    permission javax.security.auth.AuthPermission "createLoginContext.server_multiple_principals";

    // Read access to KeyTab private credentials held by a Subject whose
    // principal matches the class and name given in the target string.
    permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab java.security.Principal \"krb5.keytab.data\"", "read";

    // ---- Kerberos service permissions ----

    // Client side: may initiate a security context to any service principal.
    permission javax.security.auth.kerberos.ServicePermission "*", "initiate";

    // Server side: may accept only as the service1 and service3 principals.
    // No other service principal is granted "accept" in this file.
    permission javax.security.auth.kerberos.ServicePermission "host/service1.localhost@TEST.REALM", "accept";
    permission javax.security.auth.kerberos.ServicePermission "host/service3.localhost@TEST.REALM", "accept";
};