<?xml version='1.0' encoding='UTF-8' ?>

<!--Generated by XML Authority-->

<!-- The root element of the security-policy document. A security policy document represents a
union of the Java2 codebase+signers and JAAS subject+codebased+signers policy files. The
org.jboss.security.SecurityPolicy class parses a security-policy document using the 
org.jboss.security.SecurityPolicyParser and implements both the java.security.Policy and
javax.security.auth.Policy interfaces.
-->
<!ELEMENT application-policy (keystore? , authentication? , authorization?)>

<!ATTLIST application-policy  name CDATA  'other' >
<!-- A grant element grants the indicated permissions -->
<!ELEMENT grant (principal* , permission+)>

<!ATTLIST grant  codebase CDATA  #IMPLIED
                   signedby CDATA  #IMPLIED >
<!-- A principal element represents a named principal. The code attribute is a class that implements
the java.security.Principal interface. The name attribute corresponds to the Principal#getName()
value.
-->
<!ELEMENT principal EMPTY>

<!ATTLIST principal  code CDATA  #REQUIRED
                       name CDATA  #REQUIRED >
<!-- The permission element represents a java.security.Permission implementation. Its code
attribute is the name of the class that implements the java.security.Permission  interface.
-->
<!ELEMENT permission EMPTY>

<!ATTLIST permission  code     CDATA  #REQUIRED
                        actions  CDATA  #IMPLIED
                        name     CDATA  #REQUIRED
                        signedby CDATA  #IMPLIED >
<!-- The target element is the optional target-name of its parent permission element. It is the
string that the java.security.Prinicpal#getName() method returns.
-->
<!ELEMENT target (#PCDATA)>

<!-- The actions element represents the optional actions of its parent permission element. It is the
string that the java.security.Principal#getActions() method returns.
-->
<!ELEMENT actions (#PCDATA)>

<!ELEMENT keystore EMPTY>

<!ATTLIST keystore  href CDATA  '.keystore'
                      type CDATA  'JKS' >
<!ELEMENT authentication (login-module+)>

<!ELEMENT authorization (grant+)>

<!ELEMENT login-module (module-option*)>

<!ATTLIST login-module  code CDATA  #REQUIRED
                          flag  (required | requisite | sufficient | optional )  'required' >
<!ELEMENT module-option (#PCDATA)>

<!ATTLIST module-option  name CDATA  #REQUIRED >
<!ELEMENT policy (application-policy+)>

