doc: some notes on the property permissions

MovingBlocks · Aug 27, 2021 · fd32176 · fd32176
1 parent af755f6
commit fd32176
Showing 1 changed file with 13 additions and 7 deletions.
diff --git a/engine/src/main/java/org/terasology/engine/core/module/ModuleManager.java b/engine/src/main/java/org/terasology/engine/core/module/ModuleManager.java
@@ -253,13 +253,19 @@ private void setupSandbox() {
         permissionSet.grantPermission("com.google.gson", ReflectPermission.class);
         permissionSet.grantPermission("com.google.gson.internal", ReflectPermission.class);
 
-        // reactor property permission
-        permissionSet.grantPermission(new PropertyPermission("reactor.bufferSize.x", "read"));
-        permissionSet.grantPermission(new PropertyPermission("reactor.bufferSize.small", "read"));
-        permissionSet.grantPermission(new PropertyPermission("reactor.trace.operatorStacktrace", "read"));
-        permissionSet.grantPermission(new PropertyPermission("reactor.schedulers.defaultPoolSize", "read"));
-        permissionSet.grantPermission(new PropertyPermission("reactor.schedulers.defaultBoundedElasticSize", "read"));
-        permissionSet.grantPermission(new PropertyPermission("reactor.schedulers.defaultBoundedElasticQueueSize", "read"));
+        //noinspection ConstantConditions - this reference is to help find this if this method gets separated from the reactor dependency
+        if (reactor.core.scheduler.Scheduler.class != null) {
+            // In theory, PropertyPermission has wildcard matching and "reactor.*" should be sufficient to grant read access to all
+            // reactor configuration properties.
+            permissionSet.grantPermission(new PropertyPermission("reactor.*", "read"));
+            // In practice, the permission checks fail unless these are each named explicitly.
+            permissionSet.grantPermission(new PropertyPermission("reactor.bufferSize.x", "read"));
+            permissionSet.grantPermission(new PropertyPermission("reactor.bufferSize.small", "read"));
+            permissionSet.grantPermission(new PropertyPermission("reactor.trace.operatorStacktrace", "read"));
+            permissionSet.grantPermission(new PropertyPermission("reactor.schedulers.defaultPoolSize", "read"));
+            permissionSet.grantPermission(new PropertyPermission("reactor.schedulers.defaultBoundedElasticSize", "read"));
+            permissionSet.grantPermission(new PropertyPermission("reactor.schedulers.defaultBoundedElasticQueueSize", "read"));
+        }
 
         Policy.setPolicy(new ModuleSecurityPolicy());
         System.setSecurityManager(new ModuleSecurityManager());