rubyfox-server 2.16.0.0 → 2.16.0.1
- checksums.yaml +4 -4
- data/lib/rubyfox/server/data/lib/apache-tomcat/LICENSE +1061 -1061
- data/lib/rubyfox/server/data/lib/apache-tomcat/NOTICE +68 -68
- data/lib/rubyfox/server/data/lib/apache-tomcat/README.md +79 -79
- data/lib/rubyfox/server/data/lib/apache-tomcat/RELEASE-NOTES +174 -173
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/bootstrap.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/catalina-tasks.xml +39 -39
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/catalina.bat +27 -13
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/catalina.sh +55 -14
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/ciphers.bat +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/commons-daemon-native.tar.gz +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/commons-daemon.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/configtest.bat +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/daemon.sh +54 -36
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/digest.bat +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/makebase.bat +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/setclasspath.bat +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/shutdown.bat +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/startup.bat +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/tomcat-juli.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/tomcat-native.tar.gz +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/tool-wrapper.bat +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/tool-wrapper.sh +4 -4
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/version.bat +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/catalina.policy +259 -259
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/catalina.properties +206 -205
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/context.xml +31 -31
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/jaspic-providers.xml +23 -23
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/jaspic-providers.xsd +52 -52
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/logging.properties +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/server.xml +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/tomcat-users.xml +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/tomcat-users.xsd +59 -59
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/web.xml +4733 -4737
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/annotations-api.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/catalina-ant.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/catalina-ha.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/catalina-ssi.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/catalina-storeconfig.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/catalina-tribes.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/catalina.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/ecj-4.15.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/el-api.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/jasper-el.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/jasper.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/jaspic-api.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/jsp-api.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/servlet-api.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-api.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-coyote.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-dbcp.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-cs.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-de.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-es.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-fr.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-ja.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-ko.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-pt-BR.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-ru.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-zh-CN.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-jdbc.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-jni.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-util-scan.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-util.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-websocket.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/websocket-api.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/temp/safeToDelete.tmp +0 -0
- data/lib/rubyfox/server/version.rb +1 -1
- metadata +4 -3
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/ecj-4.12.jar +0 -0
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
Binary file
|
Binary file
|
File without changes
|
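--- a/data/lib/rubyfox/server/data/lib/apache-tomcat/bin/tool-wrapper.sh
+++ b/data/lib/rubyfox/server/data/lib/apache-tomcat/bin/tool-wrapper.sh
@@ -146,8 +146,8 @@ JAVA_OPTS="$JAVA_OPTS -Djava.util.logging.manager=org.apache.juli.ClassLoaderLog
 
 # ----- Execute The Requested Command -----------------------------------------
 
-exec "$_RUNJAVA" $JAVA_OPTS $TOOL_OPTS \
--D$ENDORSED_PROP="$JAVA_ENDORSED_DIRS" \
--classpath "$CLASSPATH" \
--Dcatalina.home="$CATALINA_HOME" \
+eval exec "\"$_RUNJAVA\"" "$JAVA_OPTS" "$TOOL_OPTS" \
+-D$ENDORSED_PROP="\"$JAVA_ENDORSED_DIRS\"" \
+-classpath "\"$CLASSPATH\"" \
+-Dcatalina.home="\"$CATALINA_HOME\"" \
 org.apache.catalina.startup.Tool "$@"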
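Review bot: The `eval exec` on new line 149 makes the shell parse the values of `$JAVA_OPTS`, `$TOOL_OPTS`, `$JAVA_ENDORSED_DIRS`, `$CLASSPATH` and `$CATALINA_HOME` a second time, so a command substitution, `;` or embedded double quote in any of them is executed or breaks the quoting instead of reaching java as data; the escaped `\"…\"` wrappers only keep whitespace together. The same applies to `"$@"` on line 153, which is expanded before `eval` and then re-split, so a tool argument containing spaces or shell metacharacters no longer arrives at `org.apache.catalina.startup.Tool` intact. The file sits under the vendored apache-tomcat/ tree, so rather than editing the command I would document the trust assumption above it, e.g. `# NOTE: JAVA_OPTS, TOOL_OPTS, CLASSPATH and CATALINA_HOME are passed through eval; set them only from trusted configuration`, and keep the wrapper from running with an environment a less-privileged user can influence. The script begins outside this hunk, so where these variables are assigned is not visible here.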
File without changes
|
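--- a/data/lib/rubyfox/server/data/lib/apache-tomcat/conf/catalina.policy
+++ b/data/lib/rubyfox/server/data/lib/apache-tomcat/conf/catalina.policy
@@ -1,260 +1,260 @@
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// ============================================================================
-// catalina.policy - Security Policy Permissions for Tomcat
-//
-// This file contains a default set of security policies to be enforced (by the
-// JVM) when Catalina is executed with the "-security" option. In addition
-// to the permissions granted here, the following additional permissions are
-// granted to each web application:
-//
-// * Read access to the web application's document root directory
-// * Read, write and delete access to the web application's working directory
-// ============================================================================
-
-
-// ========== SYSTEM CODE PERMISSIONS =========================================
-
-
-// These permissions apply to javac
-grant codeBase "file:${java.home}/lib/-" {
-permission java.security.AllPermission;
-};
-
-// These permissions apply to all shared system extensions
-grant codeBase "file:${java.home}/jre/lib/ext/-" {
-permission java.security.AllPermission;
-};
-
-// These permissions apply to javac when ${java.home
-grant codeBase "file:${java.home}/../lib/-" {
-permission java.security.AllPermission;
-};
-
-// These permissions apply to all shared system extensions when
-// ${java.home} points at $JAVA_HOME/jre
-grant codeBase "file:${java.home}/lib/ext/-" {
-permission java.security.AllPermission;
-};
-
-
-// ========== CATALINA CODE PERMISSIONS =======================================
-
-
-// These permissions apply to the daemon code
-grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
-permission java.security.AllPermission;
-};
-
-// These permissions apply to the logging API
-// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
-// update this section accordingly.
-// grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
-grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
-permission java.io.FilePermission
-"${java.home}${file.separator}lib${file.separator}logging.properties", "read";
-
-permission java.io.FilePermission
-"${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
-permission java.io.FilePermission
-"${catalina.base}${file.separator}logs", "read, write";
-permission java.io.FilePermission
-"${catalina.base}${file.separator}logs${file.separator}*", "read, write, delete";
-
-permission java.lang.RuntimePermission "shutdownHooks";
-permission java.lang.RuntimePermission "getClassLoader";
-permission java.lang.RuntimePermission "setContextClassLoader";
-
-permission java.lang.management.ManagementPermission "monitor";
-
-permission java.util.logging.LoggingPermission "control";
-
-permission java.util.PropertyPermission "java.util.logging.config.class", "read";
-permission java.util.PropertyPermission "java.util.logging.config.file", "read";
-permission java.util.PropertyPermission "org.apache.juli.AsyncLoggerPollInterval", "read";
-permission java.util.PropertyPermission "org.apache.juli.AsyncMaxRecordCount", "read";
-permission java.util.PropertyPermission "org.apache.juli.AsyncOverflowDropType", "read";
-permission java.util.PropertyPermission "org.apache.juli.ClassLoaderLogManager.debug", "read";
-permission java.util.PropertyPermission "catalina.base", "read";
-
-// Note: To enable per context logging configuration, permit read access to
-// the appropriate file. Be sure that the logging configuration is
-// secure before enabling such access.
-// E.g. for the examples web application (uncomment and unwrap
-// the following to be on a single line):
-// permission java.io.FilePermission "${catalina.base}${file.separator}
-// webapps${file.separator}examples${file.separator}WEB-INF
-// ${file.separator}classes${file.separator}logging.properties", "read";
-};
-
-// These permissions apply to the server startup code
-grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
-permission java.security.AllPermission;
-};
-
-// These permissions apply to the servlet API classes
-// and those that are shared across all class loaders
-// located in the "lib" directory
-grant codeBase "file:${catalina.home}/lib/-" {
-permission java.security.AllPermission;
-};
-
-
-// If using a per instance lib directory, i.e. ${catalina.base}/lib,
-// then the following permission will need to be uncommented
-// grant codeBase "file:${catalina.base}/lib/-" {
-// permission java.security.AllPermission;
-// };
-
-
-// ========== WEB APPLICATION PERMISSIONS =====================================
-
-
-// These permissions are granted by default to all web applications
-// In addition, a web application will be given a read FilePermission
-// for all files and directories in its document root.
-grant {
-// Required for JNDI lookup of named JDBC DataSource's and
-// javamail named MimePart DataSource used to send mail
-permission java.util.PropertyPermission "java.home", "read";
-permission java.util.PropertyPermission "java.naming.*", "read";
-permission java.util.PropertyPermission "javax.sql.*", "read";
-
-// OS Specific properties to allow read access
-permission java.util.PropertyPermission "os.name", "read";
-permission java.util.PropertyPermission "os.version", "read";
-permission java.util.PropertyPermission "os.arch", "read";
-permission java.util.PropertyPermission "file.separator", "read";
-permission java.util.PropertyPermission "path.separator", "read";
-permission java.util.PropertyPermission "line.separator", "read";
-
-// JVM properties to allow read access
-permission java.util.PropertyPermission "java.version", "read";
-permission java.util.PropertyPermission "java.vendor", "read";
-permission java.util.PropertyPermission "java.vendor.url", "read";
-permission java.util.PropertyPermission "java.class.version", "read";
-permission java.util.PropertyPermission "java.specification.version", "read";
-permission java.util.PropertyPermission "java.specification.vendor", "read";
-permission java.util.PropertyPermission "java.specification.name", "read";
-
-permission java.util.PropertyPermission "java.vm.specification.version", "read";
-permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
-permission java.util.PropertyPermission "java.vm.specification.name", "read";
-permission java.util.PropertyPermission "java.vm.version", "read";
-permission java.util.PropertyPermission "java.vm.vendor", "read";
-permission java.util.PropertyPermission "java.vm.name", "read";
-
-// Required for OpenJMX
-permission java.lang.RuntimePermission "getAttribute";
-
-// Allow read of JAXP compliant XML parser debug
-permission java.util.PropertyPermission "jaxp.debug", "read";
-
-// All JSPs need to be able to read this package
-permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";
-
-// Precompiled JSPs need access to these packages.
-permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
-permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
-permission java.lang.RuntimePermission
-"accessClassInPackage.org.apache.jasper.runtime.*";
-
-// Applications using WebSocket need to be able to access these packages
-permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket";
-permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket.server";
-};
-
-
-// The Manager application needs access to the following packages to support the
-// session display functionality. It also requires the custom Tomcat
-// DeployXmlPermission to enable the use of META-INF/context.xml
-// These settings support the following configurations:
-// - default CATALINA_HOME == CATALINA_BASE
-// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE
-// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME
-grant codeBase "file:${catalina.base}/webapps/manager/-" {
-permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
-permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
-permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
-permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
-permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
-permission org.apache.catalina.security.DeployXmlPermission "manager";
-};
-grant codeBase "file:${catalina.home}/webapps/manager/-" {
-permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
-permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
-permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
-permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
-permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
-permission org.apache.catalina.security.DeployXmlPermission "manager";
-};
-
-// The Host Manager application needs the custom Tomcat DeployXmlPermission to
-// enable the use of META-INF/context.xml
-// These settings support the following configurations:
-// - default CATALINA_HOME == CATALINA_BASE
-// - CATALINA_HOME != CATALINA_BASE, per instance Host Manager in CATALINA_BASE
-// - CATALINA_HOME != CATALINA_BASE, shared Host Manager in CATALINA_HOME
-grant codeBase "file:${catalina.base}/webapps/host-manager/-" {
-permission org.apache.catalina.security.DeployXmlPermission "host-manager";
-};
-grant codeBase "file:${catalina.home}/webapps/host-manager/-" {
-permission org.apache.catalina.security.DeployXmlPermission "host-manager";
-};
-
-
-// You can assign additional permissions to particular web applications by
-// adding additional "grant" entries here, based on the code base for that
-// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
-//
-// Different permissions can be granted to JSP pages, classes loaded from
-// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
-// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
-//
-// For instance, assume that the standard "examples" application
-// included a JDBC driver that needed to establish a network connection to the
-// corresponding database and used the scrape taglib to get the weather from
-// the NOAA web server. You might create a "grant" entries like this:
-//
-// The permissions granted to the context root directory apply to JSP pages.
-// grant codeBase "file:${catalina.base}/webapps/examples/-" {
-// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
-// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
-// };
-//
-// The permissions granted to the context WEB-INF/classes directory
-// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" {
-// };
-//
-// The permission granted to your JDBC driver
-// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
-// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
-// };
-// The permission granted to the scrape taglib
-// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
-// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
-// };
-
-// To grant permissions for web applications using packed WAR files, use the
-// Tomcat specific WAR url scheme.
-//
-// The permissions granted to the entire web application
-// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/-" {
-// };
-//
-// The permissions granted to a specific JAR
-// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" {
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// ============================================================================
+// catalina.policy - Security Policy Permissions for Tomcat
+//
+// This file contains a default set of security policies to be enforced (by the
+// JVM) when Catalina is executed with the "-security" option. In addition
+// to the permissions granted here, the following additional permissions are
+// granted to each web application:
+//
+// * Read access to the web application's document root directory
+// * Read, write and delete access to the web application's working directory
+// ============================================================================
+
+
+// ========== SYSTEM CODE PERMISSIONS =========================================
+
+
+// These permissions apply to javac
+grant codeBase "file:${java.home}/lib/-" {
+permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions
+grant codeBase "file:${java.home}/jre/lib/ext/-" {
+permission java.security.AllPermission;
+};
+
+// These permissions apply to javac when ${java.home} points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/../lib/-" {
+permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions when
+// ${java.home} points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/lib/ext/-" {
+permission java.security.AllPermission;
+};
+
+
+// ========== CATALINA CODE PERMISSIONS =======================================
+
+
+// These permissions apply to the daemon code
+grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
+permission java.security.AllPermission;
+};
+
+// These permissions apply to the logging API
+// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
+// update this section accordingly.
+// grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
+grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
+permission java.io.FilePermission
+"${java.home}${file.separator}lib${file.separator}logging.properties", "read";
+
+permission java.io.FilePermission
+"${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
+permission java.io.FilePermission
+"${catalina.base}${file.separator}logs", "read, write";
+permission java.io.FilePermission
+"${catalina.base}${file.separator}logs${file.separator}*", "read, write, delete";
+
+permission java.lang.RuntimePermission "shutdownHooks";
+permission java.lang.RuntimePermission "getClassLoader";
+permission java.lang.RuntimePermission "setContextClassLoader";
+
+permission java.lang.management.ManagementPermission "monitor";
+
+permission java.util.logging.LoggingPermission "control";
+
+permission java.util.PropertyPermission "java.util.logging.config.class", "read";
+permission java.util.PropertyPermission "java.util.logging.config.file", "read";
+permission java.util.PropertyPermission "org.apache.juli.AsyncLoggerPollInterval", "read";
+permission java.util.PropertyPermission "org.apache.juli.AsyncMaxRecordCount", "read";
+permission java.util.PropertyPermission "org.apache.juli.AsyncOverflowDropType", "read";
+permission java.util.PropertyPermission "org.apache.juli.ClassLoaderLogManager.debug", "read";
+permission java.util.PropertyPermission "catalina.base", "read";
+
+// Note: To enable per context logging configuration, permit read access to
+// the appropriate file. Be sure that the logging configuration is
+// secure before enabling such access.
+// E.g. for the examples web application (uncomment and unwrap
+// the following to be on a single line):
+// permission java.io.FilePermission "${catalina.base}${file.separator}
+// webapps${file.separator}examples${file.separator}WEB-INF
+// ${file.separator}classes${file.separator}logging.properties", "read";
+};
+
+// These permissions apply to the server startup code
+grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
+permission java.security.AllPermission;
+};
+
+// These permissions apply to the servlet API classes
+// and those that are shared across all class loaders
+// located in the "lib" directory
+grant codeBase "file:${catalina.home}/lib/-" {
+permission java.security.AllPermission;
+};
+
+
+// If using a per instance lib directory, i.e. ${catalina.base}/lib,
+// then the following permission will need to be uncommented
+// grant codeBase "file:${catalina.base}/lib/-" {
+// permission java.security.AllPermission;
+// };
+
+
+// ========== WEB APPLICATION PERMISSIONS =====================================
+
+
+// These permissions are granted by default to all web applications
+// In addition, a web application will be given a read FilePermission
+// for all files and directories in its document root.
+grant {
+// Required for JNDI lookup of named JDBC DataSource's and
+// javamail named MimePart DataSource used to send mail
+permission java.util.PropertyPermission "java.home", "read";
+permission java.util.PropertyPermission "java.naming.*", "read";
+permission java.util.PropertyPermission "javax.sql.*", "read";
+
+// OS Specific properties to allow read access
+permission java.util.PropertyPermission "os.name", "read";
+permission java.util.PropertyPermission "os.version", "read";
+permission java.util.PropertyPermission "os.arch", "read";
+permission java.util.PropertyPermission "file.separator", "read";
+permission java.util.PropertyPermission "path.separator", "read";
+permission java.util.PropertyPermission "line.separator", "read";
+
+// JVM properties to allow read access
+permission java.util.PropertyPermission "java.version", "read";
+permission java.util.PropertyPermission "java.vendor", "read";
+permission java.util.PropertyPermission "java.vendor.url", "read";
+permission java.util.PropertyPermission "java.class.version", "read";
+permission java.util.PropertyPermission "java.specification.version", "read";
+permission java.util.PropertyPermission "java.specification.vendor", "read";
+permission java.util.PropertyPermission "java.specification.name", "read";
+
+permission java.util.PropertyPermission "java.vm.specification.version", "read";
+permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
+permission java.util.PropertyPermission "java.vm.specification.name", "read";
+permission java.util.PropertyPermission "java.vm.version", "read";
+permission java.util.PropertyPermission "java.vm.vendor", "read";
+permission java.util.PropertyPermission "java.vm.name", "read";
+
+// Required for OpenJMX
+permission java.lang.RuntimePermission "getAttribute";
+
+// Allow read of JAXP compliant XML parser debug
+permission java.util.PropertyPermission "jaxp.debug", "read";
+
+// All JSPs need to be able to read this package
+permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";
+
+// Precompiled JSPs need access to these packages.
+permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
+permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
+permission java.lang.RuntimePermission
+"accessClassInPackage.org.apache.jasper.runtime.*";
+
+// Applications using WebSocket need to be able to access these packages
+permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket";
+permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket.server";
+};
+
+
+// The Manager application needs access to the following packages to support the
+// session display functionality. It also requires the custom Tomcat
+// DeployXmlPermission to enable the use of META-INF/context.xml
+// These settings support the following configurations:
+// - default CATALINA_HOME == CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME
+grant codeBase "file:${catalina.base}/webapps/manager/-" {
+permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
+permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
+permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
+permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
+permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
+permission org.apache.catalina.security.DeployXmlPermission "manager";
+};
+grant codeBase "file:${catalina.home}/webapps/manager/-" {
+permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
+permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
+permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
+permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
+permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
+permission org.apache.catalina.security.DeployXmlPermission "manager";
+};
+
+// The Host Manager application needs the custom Tomcat DeployXmlPermission to
+// enable the use of META-INF/context.xml
+// These settings support the following configurations:
+// - default CATALINA_HOME == CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, per instance Host Manager in CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, shared Host Manager in CATALINA_HOME
+grant codeBase "file:${catalina.base}/webapps/host-manager/-" {
+permission org.apache.catalina.security.DeployXmlPermission "host-manager";
+};
+grant codeBase "file:${catalina.home}/webapps/host-manager/-" {
+permission org.apache.catalina.security.DeployXmlPermission "host-manager";
+};
+
+
+// You can assign additional permissions to particular web applications by
+// adding additional "grant" entries here, based on the code base for that
+// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
+//
+// Different permissions can be granted to JSP pages, classes loaded from
+// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
+// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
+//
+// For instance, assume that the standard "examples" application
+// included a JDBC driver that needed to establish a network connection to the
+// corresponding database and used the scrape taglib to get the weather from
+// the NOAA web server. You might create a "grant" entries like this:
+//
+// The permissions granted to the context root directory apply to JSP pages.
+// grant codeBase "file:${catalina.base}/webapps/examples/-" {
+// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
+// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
+// };
+//
+// The permissions granted to the context WEB-INF/classes directory
+// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" {
+// };
+//
+// The permission granted to your JDBC driver
+// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
+// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
+// };
+// The permission granted to the scrape taglib
+// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
+// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
+// };
+
+// To grant permissions for web applications using packed WAR files, use the
+// Tomcat specific WAR url scheme.
+//
+// The permissions granted to the entire web application
+// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/-" {
+// };
+//
+// The permissions granted to a specific JAR
+// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" {
 // };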