glassfish 0.2.0-universal-java

data/domains/domain1/config/server.policy

@@ -0,0 +1,160 @@
+//
+// The contents of this file are subject to the terms 
+// of the Common Development and Distribution License 
+// (the "License").  You may not use this file except 
+// in compliance with the License.
+// 
+// You can obtain a copy of the license at 
+// glassfish/bootstrap/legal/CDDLv1.0.txt or 
+// https://glassfish.dev.java.net/public/CDDLv1.0.html. 
+// See the License for the specific language governing 
+// permissions and limitations under the License.
+// 
+// When distributing Covered Code, include this CDDL 
+// HEADER in each file and include the License file at 
+// glassfish/bootstrap/legal/CDDLv1.0.txt.  If applicable, 
+// add the following below this CDDL HEADER, with the 
+// fields enclosed by brackets "[]" replaced with your 
+// own identifying information: Portions Copyright [yyyy] 
+// [name of copyright owner]
+//
+
+/* Copyright 2004 Sun Microsystems, Inc. All rights reserved.     */
+/* SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */
+
+// Core server classes get all permissions by default
+grant codeBase "file:${com.sun.aas.installRoot}/lib/-" {
+    permission java.security.AllPermission;
+};
+
+// jdmk classes get all permissions by default
+grant codeBase "file:${com.sun.aas.jdmkHome}/lib/-" {
+    permission java.security.AllPermission;
+};
+
+// mfwk_instrum_tk.jar  get all permissions by default
+grant codeBase "file:${com.sun.aas.mfwkHome}/lib/mfwk_instrum_tk.jar" {
+    permission java.security.AllPermission;
+};
+
+// lockhart classes get all permissions by default
+grant codeBase "file:${com.sun.aas.webconsoleLib}/cc.jar" {
+        permission java.security.AllPermission;
+};
+
+// jato classes get all permissions by default
+grant codeBase "file:${com.sun.aas.jatoRoot}/jato.jar" {
+        permission java.security.AllPermission;
+};
+
+// JBI get all permissions by default
+grant codeBase "file:${com.sun.aas.installRoot}/jbi/-" {
+    permission java.security.AllPermission;
+};
+
+// JBI instances get all permissions by default
+grant codeBase "file:${com.sun.aas.instanceRoot}/jbi/-" {
+    permission java.security.AllPermission;
+};
+
+// Composite applications get all permissions by default
+grant codeBase "file:${com.sun.aas.instanceRoot}/applications/composite-applications/-" {
+    permission java.security.AllPermission;
+};
+
+// iMQ classes get all permissions by default
+grant codeBase "file:${com.sun.aas.imqLib}/-" {
+    permission java.security.AllPermission;
+};
+
+// ANT classes get all permissions by default
+grant codeBase "file:${com.sun.aas.antLib}/-" {
+    permission java.security.AllPermission;
+};
+
+// Derby driver classes get all permissions by default
+grant codeBase "file:${com.sun.aas.derbyRoot}/lib/-" {
+    permission java.security.AllPermission;
+}; 
+
+// Pointbase embedded server classes get all permissions by default
+grant codeBase "file:${com.sun.aas.pointbaseRoot}/lib/-" {
+    permission java.security.AllPermission;
+};
+
+// Web Services classes get all permissions by default
+grant codeBase "file:${com.sun.aas.webServicesLib}/-" {
+    permission java.security.AllPermission;
+};
+
+// permissions for avkit classes
+grant codeBase "file:${j2ee.appverification.home}/lib/-" {
+    permission java.security.AllPermission;
+};
+
+// permissions for HADB jar file(s)
+grant codeBase "file:${com.sun.aas.hadbRoot}/lib/-" {
+    permission java.security.AllPermission;
+};
+
+// permission for JDK's tools.jar to enable webservice annotation processing
+// at runtime by wsgen tool: 
+//       permission java.lang.RuntimePermission "createClassLoader";
+//
+// permission for JDK's tools.jar to sign JARs at runtime for 
+// Java Web Start support:
+//       permissions java.security.AllPermission;
+// on the advice of the JDK tools folks.  Should be refined later.
+grant codeBase "file:${com.sun.aas.javaRoot}/lib/tools.jar" {
+    permission java.security.AllPermission;
+};
+
+//Loading MBeans from anywhere, to take care of side effects of 6235678.
+grant {
+    permission javax.management.MBeanTrustPermission "register" ;
+};
+//Loading MBeans from anywhere, to take care of side effects of 6235678.
+
+
+// Basic set of required permissions granted to all remaining code
+grant {
+    //Workaround for bugs #6484935, 6513799
+    permission java.lang.RuntimePermission "getProtectionDomain";
+    permission com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission "access";
+    permission java.util.PropertyPermission "*", "read,write";
+
+    permission java.lang.RuntimePermission  "loadLibrary.*";
+    permission java.lang.RuntimePermission  "queuePrintJob";
+    permission java.net.SocketPermission    "*", "connect";
+    permission java.io.FilePermission       "<<ALL FILES>>", "read,write";
+
+        // work-around for pointbase bug 4864405      
+        permission java.io.FilePermission "${com.sun.aas.instanceRoot}${/}lib${/}databases${/}-", "delete";
+        permission java.io.FilePermission "${java.io.tmpdir}${/}-", "delete";
+
+    permission java.util.PropertyPermission "*", "read";
+
+    permission java.lang.RuntimePermission    "modifyThreadGroup";
+    permission java.lang.RuntimePermission    "getClassLoader";
+    permission java.lang.RuntimePermission    "setContextClassLoader";
+        permission javax.management.MBeanPermission "[com.sun.messaging.jms.*:*]", "*"; 
+};
+
+
+// Following grant block is only required by Connectors. If Connectors
+// are not in use the recommendation is to remove this grant.
+grant {
+        permission javax.security.auth.PrivateCredentialPermission "javax.resource.spi.security.PasswordCredential * \"*\"","read";
+};
+
+// Following grant block is only required for Reflection. If Reflection
+// is not in use the recommendation is to remove this section.
+grant {
+    permission java.lang.RuntimePermission "accessDeclaredMembers";
+};
+
+// Permissions to invoke CORBA objects in server
+grant {
+    permission com.sun.enterprise.security.CORBAObjectPermission "*", "*";
+};
+

data/domains/domain1/config/sun-acc.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+   Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved.
+   Use is subject to license terms.
+-->
+
+<!--
+   Please remember to customize this file for your environment. The defaults for 
+   following fields may not be appropriate.  
+   - target-server name, address and port
+   - Property security.config in message-security-config
+-->
+
+<!DOCTYPE client-container PUBLIC "-//Sun Microsystems Inc.//DTD Application Server 8.0 Application Client Container//EN" "http://www.sun.com/software/appserver/dtds/sun-application-client-container_1_2.dtd">
+
+<client-container>
+  <target-server name="laturbie.sfbay.sun.com" address="laturbie.sfbay.sun.com" port="3700"/>
+  <log-service file="" level="WARNING"/>
+  <message-security-config auth-layer="SOAP">
+    <!-- turned off by default -->
+    <provider-config class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-id="XWS_ClientProvider" provider-type="client"> 
+      <request-policy auth-source="content"/>
+      <response-policy auth-source="content"/>
+      <property name="encryption.key.alias" value="s1as"/>
+      <property name="signature.key.alias" value="s1as"/>
+      <property name="dynamic.username.password" value="false"/>
+      <property name="debug" value="false"/>
+    </provider-config>
+    <provider-config class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-id="ClientProvider" provider-type="client"> 
+      <request-policy auth-source="content"/>
+      <response-policy auth-source="content"/>
+      <property name="encryption.key.alias" value="s1as"/>
+      <property name="signature.key.alias" value="s1as"/>
+      <property name="dynamic.username.password" value="false"/>
+      <property name="debug" value="false"/>
+      <property name="security.config" value="/Users/dochez/java/cvs/v3/publish/lib/appclient/wss-client-config-1.0.xml"/> 
+    </provider-config>
+  </message-security-config>
+</client-container>

data/domains/domain1/config/wss-server-config-1.0.xml

@@ -0,0 +1,86 @@
+<!--
+Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
+-->
+<!--
+ This server side config file pairs with wss-client-config-1.0.xml on the client
+ and supports the following UseCases:
+ Usecase 1: Authentication using Protected UsernameToken
+ Usecase 3: Encrypted UsernameToken and MessageBody
+ Usecase 4: Response Encryption Key Learnt from Incoming Message
+
+ Certificate Alias Information :
+ 1. A certificateAlias under the <xwss:Encrypt> element signifies the certificate
+    of the recipient of the message.
+ 2. A certificateAlias under the <xwss:Sign> element signifies the certificate of the
+    sender.
+                                                                                                                                               
+ NOTE:
+                                                                                                                                               
+   1. the certificateAlias has the above meaning for all the Sign and Encrypt elements below
+   2. there are several Sign and Encrypt elements below and similarly several RequireSignature and
+      RequireEncryption elements. Which of them would be actually used at runtime will depend on
+      the AuthPolicy passed to the module.
+                                                                                                                                               
+      For Example : if Auth-Source=Sender then only the <xwss:UsernameToken> elements will be used
+      and none of the <xwss:Sign> elements will be used.
+      If Auth-Source=Content then the <xwss:Sign> element will be used
+                                                                                                                                               
+   3.  The different variations of <xwss:Encrypt> elements in this configuration file are to accomodate
+       default encryption of the UsernameToken.
+                                                                                                                                               
+   4.  The actual certificate alias to be used for any Signature operation can be modified during AuthModule
+       initialization by setting the alias as the value of "signature.key.alias" property in the Module Options Map.
+   5.  The actual certificate alias to be used for any Encrypt operation can be modified during AuthModule
+       initialization by setting the alias as the value of "encryption.key.alias" property in the Module Options Map.
+                                                                                                                                               
+   6. Debug Dumping of Messages can be enabled by setting the "debug" property in the Module Options Map to "true" during
+      AuthModule initialization.
+   7. The Actual configuration file to be used by an Authmodule can be changed by setting the property "security.config" in
+      the Module Options Map to point to the configuration file location.
+   8. When the "security.config" property is not set during module initialization then a client auth module will use wss-client-config-2.0.xml
+      by default.
+   9. When the "security.config" property is not set during module initialization then a server auth module will use wss-server-config-2.0.xml
+      by default.
+
+-->
+
+<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" 
+                            dumpMessages="false">
+    <xwss:Timestamp/>
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireSignature>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireSignature>     
+    <xwss:RequireUsernameToken nonceRequired="false" passwordDigestRequired="false"/>      
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+    </xwss:Encrypt>    
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+    </xwss:Encrypt>
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:Encrypt>
+    <xwss:Sign>
+        <xwss:X509Token certificateAlias="s1as"/>
+    </xwss:Sign>
+    <xwss:UsernameToken digestPassword="false" useNonce="false"/>
+</xwss:SecurityConfiguration>

data/domains/domain1/config/wss-server-config-2.0.xml

@@ -0,0 +1,94 @@
+<!--
+Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
+-->
+<!--
+ This server side config file pairs with wss-client-config-2.0.xml on the client 
+ and supports the following UseCases:
+ Usecase 2: Encrypted UsernameToken
+ Usecase 3: Encrypted UsernameToken and MessageBody 
+ Usecase 4: Response Encryption Key Learnt from Incoming Message
+
+ Certificate Alias Information :
+ 1. A certificateAlias under the <xwss:Encrypt> element signifies the certificate
+    of the recipient of the message.
+ 2. A certificateAlias under the <xwss:Sign> element signifies the certificate of the
+    sender.
+                                                                                                                                               
+ NOTE:
+                                                                                                                                               
+   1. the certificateAlias has the above meaning for all the Sign and Encrypt elements below
+   2. there are several Sign and Encrypt elements below and similarly several RequireSignature and
+      RequireEncryption elements. Which of them would be actually used at runtime will depend on
+      the AuthPolicy passed to the module.
+                                                                                                                                               
+      For Example : if Auth-Source=Sender then only the <xwss:UsernameToken> elements will be used
+      and none of the <xwss:Sign> elements will be used.
+      If Auth-Source=Content then the <xwss:Sign> element will be used
+                                                                                                                                               
+   3.  The different variations of <xwss:Encrypt> elements in this configuration file are to accomodate
+       default encryption of the UsernameToken.
+                                                                                                                                               
+   4.  The actual certificate alias to be used for any Signature operation can be modified during AuthModule
+       initialization by setting the alias as the value of "signature.key.alias" property in the Module Options Map.
+   5.  The actual certificate alias to be used for any Encrypt operation can be modified during AuthModule
+       initialization by setting the alias as the value of "encryption.key.alias" property in the Module Options Map.
+                                                                                                                                               
+   6. Debug Dumping of Messages can be enabled by setting the "debug" property in the Module Options Map to "true" during
+      AuthModule initialization.
+   7. The Actual configuration file to be used by an Authmodule can be changed by setting the property "security.config" in
+      the Module Options Map to point to the configuration file location.
+   8. When the "security.config" property is not set during module initialization then a client auth module will use wss-client-config-2.0.xml
+      by default.
+   9. When the "security.config" property is not set during module initialization then a server auth module will use wss-server-config-2.0.xml
+      by default.
+
+-->
+<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" 
+                            dumpMessages="false">
+    <xwss:Timestamp/>
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+    </xwss:Encrypt>    
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+    </xwss:Encrypt>
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:Encrypt>
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+    </xwss:Encrypt>
+    <xwss:Sign>
+        <xwss:X509Token certificateAlias="s1as"/>
+    </xwss:Sign>
+    <xwss:UsernameToken digestPassword="false" useNonce="true"/>
+
+    <xwss:RequireUsernameToken nonceRequired="true" passwordDigestRequired="false"/>      
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireSignature>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireSignature>     
+</xwss:SecurityConfiguration>

data/domains/domain1/docroot/index.html

@@ -0,0 +1,46 @@
+<!--Arbortext, Inc., 1988-2007, v.4002-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html lang="en">
+<!--
+DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+
+Use is subject to License Terms
+-->
+<head>
+<style type="text/css">  body{margin-top:0}   body,td,p,div,span,a,ul,ul li, ol, ol li, ol li b, dl,h1,h2,h3,h4,h5,h6,li {     font-family:geneva,helvetica,arial,"lucida sans",sans-serif;     font-size:10pt   }   h1 {font-size:18pt}   h2 {font-size:14pt}   h3 {font-size:12pt}   code,kbd,tt,pre {     font-family:monaco,courier,"courier new";     font-size:10pt;   }   li {padding-bottom: 8px}   p.copy, p.copy a {     font-family:geneva,helvetica,arial,"lucida sans",sans-serif;     font-size:8pt     }   p.copy {text-align: center}    table.grey1,tr.grey1,td.grey1{background:#f1f1f1}   th {     color:#ffffff;     font-family:geneva,helvetica,arial,"lucida sans",sans-serif;     font-size:12pt   }   td.insidehead {     font-weight:bold;     background:white;     text-align: left;   }   a {text-decoration:none; color:#3E6B8A}   a:visited{color:#917E9C}   a:hover {text-decoration:underline}   
+</style>
+<title>GlassFish v3 Application Server - Server Running</title>
+</head>
+<body bgcolor="#ffffff" text="#000000" link="#594fbf" vlink="#1005fb" alink="#333366"><br> <table width="100%" border="0" cellspacing="0" cellpadding="3">
+<tbody>
+<tr>
+<td align="right" valign="top"> <a href="http://www.sun.com">sun.com</a> </td>
+</tr>
+<tr>
+<td align="left" valign="top" bgcolor="#587993">       <font color="#ffffff">&nbsp;&nbsp;<b>GlassFish v3 Technology Preview 2</b></font>       </td>
+</tr>
+</tbody>
+</table>  <h1>Your Application Server is now running</h1> <p>To replace this page, overwrite the file <code>index.html</code> in the default document root folder of this server. The default document root folder is located at  <var>as-install</var><code>/domains/domain1/docroot</code>,
+where <var>as-install</var> is the Application Server installation directory.</p>
+<p>To manage the server, click <a href="/admin">here</a>.</p>
+<h2>Register the Application Server with Sun Connection now</h2><p>Use the Admin Console to register the Application Server with <a href="http://www.sun.com/service/sunconnection/index.jsp" target=" blank">Sun Connection
+</a>  now. Registration is optional, but as a registered user you receive benefits such as:</p><ul>
+<li>Patch information and bug updates</li>
+<li>Screencasts and tutorials</li>
+<li>News and events</li>
+<li>Support and training offerings</li>
+</ul><!--Get a Sun GlassFish Enterprise Server subscriptionTo benefit from powerful support for the commercial counterpart to GlassFish, the Sun GlassFish Enterprise Server, consider a Java System Application Server Subscription. This subscription provides a one-stop shop for products and services with immediate web access to software support with full indemnification, updates and upgrades, production and code support, training, and much more.--><h2>
+Install and update additional software components</h2><p>Use the <a href="http://wiki.updatecenter.java.net/Wiki.jsp?page=GettingStarted" target=" blank">Update Tool</a> to install and update additional technologies and frameworks such as:<!--a href="https://open-esb.dev.java.net/" target=" blank"Open ESB a -->
+</p><ul>
+<li><a href="https://metro.dev.java.net/" target="blank">Metro</a></li>
+<li><a href="https://jersey.dev.java.net/" target="blank">Jersey</a></li>
+<li><a href="https://ajax.dev.java.net/" target=" blank">jMaki</a></li>
+<li>JRuby runtime </li>
+</ul><p>The Update Tool is developed through the <a href="http://wiki.updatecenter.java.net/" target="blank">Update Center</a> project.</p><p>To improve the user experience and optimize offerings to users, Sun collects data about <a
+href="http://wiki.glassfish.java.net/gfwiki/Wiki.jsp?page=UsageMetrics" target=" blank">GlassFish usage</a> that is transmitted by the Update Center installer client as part of the automatic update processes. No personally identifiable information is collected by this process.</p><h2>Join the
+GlassFish community</h2><p>Visit the <a href="http://java.sun.com/javaee/glassfish/" target=" blank">GlassFish Community</a>  page for information about how to join the GlassFish community. The GlassFish community is developing a free, open source, production-quality, enterprise-class application
+ server that implements the newest features of the Java&trade; Platform, Enterprise Edition (Java EE) platform and related enterprise technologies.</p><h2>Learn more about the Application Server</h2><p>For more information about the Application Server, <!--samples, documentation, and additional resources,
+see <var>as-install</var><code>/docs/about.html</code>,  where <var>as-install</var> is the Application Server installation directory-->see the <a href="http://docs.sun.com/coll/1343.7" target="_blank">online product documentation</a>.</p><hr style="width: 80%; height: 2px;">  <p class="copy"><a href="http://www.sun.com/company/">Company Info</a> &nbsp;&nbsp;|&nbsp;&nbsp; <a
+href="http://www.sun.com/contact/">Contact</a> &nbsp;&nbsp;|&nbsp;&nbsp; Copyright 2008 Sun Microsystems</p></body></html>

data/lib/appclient/appclientlogin.conf

@@ -0,0 +1,10 @@
+/*  Copyright 2004 Sun Microsystems, Inc.  All rights reserved.    */
+/*  SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */
+
+default {
+	com.sun.enterprise.security.auth.login.ClientPasswordLoginModule required debug=false;
+};
+
+certificate {
+	com.sun.enterprise.security.auth.login.ClientCertificateLoginModule required debug=false;
+};

data/lib/appclient/client.policy

@@ -0,0 +1,79 @@
+//
+// The contents of this file are subject to the terms 
+// of the Common Development and Distribution License 
+// (the "License").  You may not use this file except 
+// in compliance with the License.
+// 
+// You can obtain a copy of the license at 
+// glassfish/bootstrap/legal/CDDLv1.0.txt or 
+// https://glassfish.dev.java.net/public/CDDLv1.0.html. 
+// See the License for the specific language governing 
+// permissions and limitations under the License.
+// 
+// When distributing Covered Code, include this CDDL 
+// HEADER in each file and include the License file at 
+// glassfish/bootstrap/legal/CDDLv1.0.txt.  If applicable, 
+// add the following below this CDDL HEADER, with the 
+// fields enclosed by brackets "[]" replaced with your 
+// own identifying information: Portions Copyright [yyyy] 
+// [name of copyright owner]
+//
+
+/*  Copyright 2004 Sun Microsystems, Inc.  All rights reserved.    */
+/*  SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */
+
+//core server classes get all permissions by default
+grant codeBase "file:${com.sun.aas.installRoot}/lib/-" {
+	permission java.security.AllPermission;
+};
+
+//iMQ classes get all permissions by default
+grant codeBase "file:${com.sun.aas.imqLib}/-" {
+	permission java.security.AllPermission;
+};
+
+// Standard extensions get all permissions by default
+grant codeBase "file:${java.home}/lib/ext/-" {
+	permission java.security.AllPermission;
+};
+
+grant codeBase "file:${java.home}/../lib/tools.jar" {
+        permission java.security.AllPermission;
+};
+
+
+
+// default permissions granted to all domains
+grant { 
+	permission java.lang.RuntimePermission "loadLibrary.*";
+	permission java.lang.RuntimePermission "accessClassInPackage.*";
+	permission java.lang.RuntimePermission "exitVM";
+	permission java.lang.RuntimePermission "queuePrintJob";
+	permission java.lang.RuntimePermission "modifyThreadGroup";
+
+	permission java.awt.AWTPermission "accessClipboard";
+	permission java.awt.AWTPermission "accessEventQueue";
+	permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
+
+	permission java.io.FilePermission "<<ALL FILES>>", "read,write";
+
+	permission java.net.SocketPermission "*", "connect,accept,resolve";
+	permission java.net.SocketPermission "localhost:1024-", "accept,listen";
+
+	// "standard" properies that can be read by anyone
+	permission java.util.PropertyPermission "*", "read";
+
+	// setting the JSSE provider for lazy authentication of app. clients.
+	// Please do not change it.
+	permission java.security.SecurityPermission "putProviderProperty.SunJSSE";
+	permission java.security.SecurityPermission "insertProvider.SunJSSE";
+
+        permission java.util.logging.LoggingPermission  "control";
+        //permission java.lang.RuntimePermission      "setSecurityManager";
+};
+
+
+
+
+
+

data/lib/appclient/wss-client-config-1.0.xml

@@ -0,0 +1,84 @@
+<!--
+Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
+-->
+<!--
+ This client side config file pairs with wss-server-config-1.0.xml on the server
+ and supports the following UseCases:
+ Usecase 1: Authentication by Protected UsernameToken
+ Usecase 3: Encrypted UsernameToken and MessageBody
+ Usecase 4: Response Encryption Key Learnt from Incoming Message
+
+ Certificate Alias Information :
+ 1. A certificateAlias under the <xwss:Encrypt> element signifies the certificate
+    of the recipient of the message.
+ 2. A certificateAlias under the <xwss:Sign> element signifies the certificate of the
+    sender.
+
+ NOTE: 
+
+   1. the certificateAlias has the above meaning for all the Sign and Encrypt elements below
+   2. there are several Sign and Encrypt elements below and similarly several RequireSignature and
+      RequireEncryption elements. Which of them would be actually used at runtime will depend on
+      the AuthPolicy passed to the module.
+
+      For Example : if Auth-Source=Sender then only the <xwss:UsernameToken> elements will be used
+      and none of the <xwss:Sign> elements will be used.
+      If Auth-Source=Content then the <xwss:Sign> element will be used
+
+   3.  The different variations of <xwss:Encrypt> elements in this configuration file are to accomodate
+       default encryption of the UsernameToken.
+
+   4.  The actual certificate alias to be used for any Signature operation can be modified during AuthModule
+       initialization by setting the alias as the value of "signature.key.alias" property in the Module Options Map.
+   5.  The actual certificate alias to be used for any Encrypt operation can be modified during AuthModule
+       initialization by setting the alias as the value of "encryption.key.alias" property in the Module Options Map.
+
+   6. Debug Dumping of Messages can be enabled by setting the "debug" property in the Module Options Map to "true" during
+      AuthModule initialization.
+   7. The Actual configuration file to be used by an Authmodule can be changed by setting the property "security.config" in
+      the Module Options Map to point to the configuration file location. 
+   8. When the "security.config" property is not set during module initialization then a client auth module will use wss-client-config-2.0.xml
+      by default.
+   9. When the "security.config" property is not set during module initialization then a server auth module will use wss-server-config-2.0.xml by default.
+  10. The property "dynamic.username.password" when set during module initialization to "true" will signal the provider runtime to collect the username and password from the CallbackHandler for each request. When this property is set to "false" or if the property is not set then the username and password for  wsse:UsernameToken(s) is collected once during Module Initialization.
+-->
+
+<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" 
+                            dumpMessages="false">                           
+    <xwss:Timestamp/>
+    <xwss:RequireUsernameToken nonceRequired="false" passwordDigestRequired="false"/>   
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireSignature>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireSignature>     
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+    </xwss:Encrypt>    
+     <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:Encrypt>
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+    </xwss:Encrypt>
+    <xwss:Sign>
+        <xwss:X509Token certificateAlias="s1as"/>
+    </xwss:Sign>
+    <xwss:UsernameToken digestPassword="false" useNonce="false"/>
+</xwss:SecurityConfiguration>