From 7588593db3d314558c0bd26654df43e113462cc8 Mon Sep 17 00:00:00 2001
From: Andrey Pleskach
Date: Mon, 13 Nov 2023 21:41:00 +0100
Subject: [PATCH] Remove duplicate permissions (#3690)
### Description Permission: `permission java.util.PropertyPermission "*", "read,write";` was declared twice. Observed here: https://github.com/opensearch-project/security/pull/3671 I will backport it in my PR. ### Testing [Please provide details of testing done: unit testing, integration testing and manual testing] ### Check List - [ ] New functionality includes testing - [ ] New functionality has been documented - [ ] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).
Signed-off-by: Andrey Pleskach
---
 plugin-security.policy | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/plugin-security.policy b/plugin-security.policy
index 65b6b22fee..2969e47b04 100644
--- a/plugin-security.policy
+++ b/plugin-security.policy
@@ -34,6 +34,8 @@ grant { permission javax.security.auth.AuthPermission "modifyPrivateCredentials"; permission javax.security.auth.AuthPermission "doAs"; permission javax.security.auth.kerberos.ServicePermission "*","accept"; + + //SAML and internal plugin policy permission java.util.PropertyPermission "*","read,write"; //Enable when we switch to UnboundID LDAP SDK
@@ -74,8 +76,6 @@ grant { //Enable this permission to debug unauthorized de-serialization attempt //permission java.io.SerializablePermission "enableSubstitution"; - //SAML policy - permission java.util.PropertyPermission "*", "read,write"; }; grant codeBase "${codebase.netty-common}" {
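Review bot: The comment added in the first hunk above `permission java.util.PropertyPermission "*","read,write";` names who uses the grant but not why it must be a wildcard with write access; as written, code covered by this grant block may read and modify every JVM system property. With the duplicate removed this is now the only place the grant is declared, so this is the line to document or narrow. The comment could be extended along the lines of `//SAML and internal plugin policy: wildcard write needed for <properties/reason>`, or the grant replaced by entries for the named properties that actually need `write`. Which properties those are is not visible in this patch, so the placeholder has to be filled in by the author. The `grant { … }` block begins and ends outside the hunk.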