rubyfox-server 2.17.3.1 → 2.19.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/rubyfox/server/data/config/admin/descriptors/config_room.txt +10 -1
- data/lib/rubyfox/server/data/config/admin/descriptors/config_server.txt +90 -20
- data/lib/rubyfox/server/data/config/admin/descriptors/config_zone.txt +9 -0
- data/lib/rubyfox/server/data/config/admin/descriptors/runtime_room.txt +11 -0
- data/lib/rubyfox/server/data/config/admin/descriptors/runtime_user.txt +3 -3
- data/lib/rubyfox/server/data/config/core.xml +4 -4
- data/lib/rubyfox/server/data/config/default.words.txt +11 -0
- data/lib/rubyfox/server/data/config/log4j.properties +1 -2
- data/lib/rubyfox/server/data/config/server.xml +1 -1
- data/lib/rubyfox/server/data/data/GeoLite2-Country.mmdb +0 -0
- data/lib/rubyfox/server/data/data/bannedusers/users.bin +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/bootstrap.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/catalina-tasks.xml +39 -39
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/catalina.sh +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/ciphers.sh +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/commons-daemon-native.tar.gz +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/commons-daemon.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/configtest.sh +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/daemon.sh +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/digest.sh +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/makebase.sh +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/setclasspath.sh +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/shutdown.sh +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/startup.sh +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/tomcat-juli.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/tomcat-native.tar.gz +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/tool-wrapper.sh +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/bin/version.sh +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/Catalina/localhost/rewrite.config +1 -1
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/catalina.policy +263 -264
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/catalina.properties +209 -207
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/context.xml +31 -31
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/jaspic-providers.xml +23 -23
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/jaspic-providers.xsd +52 -52
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/keystore.jks +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/server.xml +177 -161
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/tomcat-users.xml +18 -7
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/tomcat-users.xsd +59 -59
- data/lib/rubyfox/server/data/lib/apache-tomcat/conf/web.xml +4740 -4737
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/annotations-api.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/catalina-ant.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/catalina-ha.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/catalina-ssi.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/catalina-storeconfig.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/catalina-tribes.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/catalina.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/el-api.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/jasper-el.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/jasper.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/jaspic-api.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/jsp-api.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/servlet-api.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/sfs2x-ws-helper.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-api.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-coyote.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-dbcp.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-cs.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-de.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-es.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-fr.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-ja.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-ko.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-pt-BR.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-ru.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-i18n-zh-CN.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-jdbc.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-jni.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-util-scan.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-util.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/tomcat-websocket.jar +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/lib/websocket-api.jar +0 -0
- data/lib/rubyfox/server/data/lib/javax.activation-1.2.0.jar +0 -0
- data/lib/rubyfox/server/data/lib/javax.mail.jar +0 -0
- data/lib/rubyfox/server/data/lib/js/JSApi.js +2 -1
- data/lib/rubyfox/server/data/lib/js/LibApi.js +181 -48
- data/lib/rubyfox/server/data/lib/sfs2x-admin.jar +0 -0
- data/lib/rubyfox/server/data/lib/sfs2x-cluster.jar +0 -0
- data/lib/rubyfox/server/data/lib/sfs2x-core.jar +0 -0
- data/lib/rubyfox/server/data/lib/sfs2x.jar +0 -0
- data/lib/rubyfox/server/data/sfs2x-service +26 -30
- data/lib/rubyfox/server/data/www/BlueBox.war +0 -0
- data/lib/rubyfox/server/data/www/HelloServlet/WEB-INF/web.xml +1 -3
- data/lib/rubyfox/server/data/www/ROOT/_css_/default.css +14 -6
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/css/style.css +44 -2
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/application.bundle.js +98 -61
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/endors~mod-0~mod-1~mod-11~mod-12~mod-17~mod-6~mod-7~mod-8~mod-9.bundle.js +17357 -0
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-0.bundle.js +4 -4
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-1.bundle.js +3 -3
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-10.bundle.js +101 -66
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-11.bundle.js +544 -8
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-12.bundle.js +915 -1480
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-12~module-15~module-16~module-4.bundle.js +2665 -0
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-13.bundle.js +606 -3093
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-13~module-16~module-17~module-4.bundle.js +2665 -0
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-14.bundle.js +764 -0
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-15.bundle.js +71 -0
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-16.bundle.js +1787 -0
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-17.bundle.js +3383 -0
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-4.bundle.js +121 -1009
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-5.bundle.js +1214 -1744
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-6.bundle.js +398 -666
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-7.bundle.js +717 -192
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-8.bundle.js +2117 -665
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-9.bundle.js +613 -690
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/vendors~mod-0~mod-1~mod-10~mod-11~mod-16~mod-5~mod-6~mod-7~mod-8.bundle.js +17357 -0
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/vendors~mod-0~mod-1~mod-11~mod-12~mod-17~mod-5~mod-6~mod-7~mod-8~mod-9.bundle.js +17357 -0
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/{vendors~module-0~module-1~module-13~module-4~module-5~module-7~module-8.bundle.js → vendors~mod-0~mod-1~mod-11~mod-12~mod-17~mod-5~mod-7~mod-8~mod-9.bundle.js} +2 -2
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/vendors~module-12.bundle.js +807 -0
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/vendors~module-13.bundle.js +807 -0
- data/lib/rubyfox/server/data/www/ROOT/admin/modules/cluster-configurator.html +32 -0
- data/lib/rubyfox/server/data/www/ROOT/admin/modules/cluster-monitor.html +185 -0
- data/lib/rubyfox/server/data/www/ROOT/admin/modules/cluster-updater.html +47 -0
- data/lib/rubyfox/server/data/www/ROOT/admin/modules/extension-deployer.html +84 -0
- data/lib/rubyfox/server/data/www/ROOT/admin/modules/zone-monitor.html +15 -8
- data/lib/rubyfox/server/data/www/ROOT/index.html +13 -23
- data/lib/rubyfox/server/data/www/host-manager/META-INF/context.xml +2 -2
- data/lib/rubyfox/server/data/www/host-manager/WEB-INF/jsp/404.jsp +2 -2
- data/lib/rubyfox/server/data/www/host-manager/{manager.xml → WEB-INF/manager.xml} +5 -1
- data/lib/rubyfox/server/data/www/host-manager/WEB-INF/web.xml +17 -0
- data/lib/rubyfox/server/data/www/host-manager/css/manager.css +141 -0
- data/lib/rubyfox/server/data/www/host-manager/images/tomcat.svg +967 -0
- data/lib/rubyfox/server/data/www/manager/META-INF/context.xml +2 -0
- data/lib/rubyfox/server/data/www/manager/WEB-INF/jsp/connectorCerts.jsp +1 -1
- data/lib/rubyfox/server/data/www/manager/WEB-INF/jsp/connectorCiphers.jsp +1 -1
- data/lib/rubyfox/server/data/www/manager/WEB-INF/jsp/connectorTrustedCerts.jsp +1 -1
- data/lib/rubyfox/server/data/www/manager/WEB-INF/jsp/sessionDetail.jsp +3 -3
- data/lib/rubyfox/server/data/www/manager/WEB-INF/jsp/sessionsList.jsp +1 -1
- data/lib/rubyfox/server/data/www/manager/WEB-INF/web.xml +17 -0
- data/lib/rubyfox/server/data/www/manager/css/manager.css +141 -0
- data/lib/rubyfox/server/data/www/manager/images/tomcat.svg +967 -0
- data/lib/rubyfox/server/data/www/manager/xform.xsl +74 -59
- data/lib/rubyfox/server/version.rb +1 -1
- metadata +30 -31
- data/lib/rubyfox/server/data/config/admin/icons/Analytics.png +0 -0
- data/lib/rubyfox/server/data/config/admin/icons/BanManager.png +0 -0
- data/lib/rubyfox/server/data/config/admin/icons/BlueBoxMonitor.png +0 -0
- data/lib/rubyfox/server/data/config/admin/icons/Console.png +0 -0
- data/lib/rubyfox/server/data/config/admin/icons/Dashboard.png +0 -0
- data/lib/rubyfox/server/data/config/admin/icons/ExtensionManager.png +0 -0
- data/lib/rubyfox/server/data/config/admin/icons/LicenseManager.png +0 -0
- data/lib/rubyfox/server/data/config/admin/icons/LogViewer.png +0 -0
- data/lib/rubyfox/server/data/config/admin/icons/ServerConfigurator.png +0 -0
- data/lib/rubyfox/server/data/config/admin/icons/ServletManager.png +0 -0
- data/lib/rubyfox/server/data/config/admin/icons/ZoneConfigurator.png +0 -0
- data/lib/rubyfox/server/data/config/admin/icons/ZoneMonitor.png +0 -0
- data/lib/rubyfox/server/data/lib/BlueBox.war +0 -0
- data/lib/rubyfox/server/data/lib/apache-tomcat/LICENSE +0 -1061
- data/lib/rubyfox/server/data/lib/apache-tomcat/NOTICE +0 -68
- data/lib/rubyfox/server/data/lib/apache-tomcat/README.md +0 -81
- data/lib/rubyfox/server/data/lib/apache-tomcat/RELEASE-NOTES +0 -174
- data/lib/rubyfox/server/data/lib/imap.jar +0 -0
- data/lib/rubyfox/server/data/lib/mailapi.jar +0 -0
- data/lib/rubyfox/server/data/lib/pop3.jar +0 -0
- data/lib/rubyfox/server/data/lib/smtp.jar +0 -0
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/module-12~module-13~module-9.bundle.js +0 -2634
- data/lib/rubyfox/server/data/www/ROOT/admin/assets/js/core/modules/vendors~module-9.bundle.js +0 -807
- data/lib/rubyfox/server/data/www/host-manager/images/tomcat.gif +0 -0
- data/lib/rubyfox/server/data/www/manager/images/tomcat.gif +0 -0
- /data/lib/rubyfox/server/data/data/buddylists/{BasicExamples/.keep → .keep} +0 -0
@@ -1,265 +1,264 @@
|
|
1
|
-
// Licensed to the Apache Software Foundation (ASF) under one or more
|
2
|
-
// contributor license agreements. See the NOTICE file distributed with
|
3
|
-
// this work for additional information regarding copyright ownership.
|
4
|
-
// The ASF licenses this file to You under the Apache License, Version 2.0
|
5
|
-
// (the "License"); you may not use this file except in compliance with
|
6
|
-
// the License. You may obtain a copy of the License at
|
7
|
-
//
|
8
|
-
// http://www.apache.org/licenses/LICENSE-2.0
|
9
|
-
//
|
10
|
-
// Unless required by applicable law or agreed to in writing, software
|
11
|
-
// distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
-
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
-
// See the License for the specific language governing permissions and
|
14
|
-
// limitations under the License.
|
15
|
-
|
16
|
-
// ============================================================================
|
17
|
-
// catalina.policy - Security Policy Permissions for Tomcat
|
18
|
-
//
|
19
|
-
// This file contains a default set of security policies to be enforced (by the
|
20
|
-
// JVM) when Catalina is executed with the "-security" option. In addition
|
21
|
-
// to the permissions granted here, the following additional permissions are
|
22
|
-
// granted to each web application:
|
23
|
-
//
|
24
|
-
// * Read access to the web application's document root directory
|
25
|
-
// * Read, write and delete access to the web application's working directory
|
26
|
-
// ============================================================================
|
27
|
-
|
28
|
-
|
29
|
-
// ========== SYSTEM CODE PERMISSIONS =========================================
|
30
|
-
|
31
|
-
|
32
|
-
// These permissions apply to javac
|
33
|
-
grant codeBase "file:${java.home}/lib/-" {
|
34
|
-
permission java.security.AllPermission;
|
35
|
-
};
|
36
|
-
|
37
|
-
// These permissions apply to all shared system extensions
|
38
|
-
grant codeBase "file:${java.home}/jre/lib/ext/-" {
|
39
|
-
permission java.security.AllPermission;
|
40
|
-
};
|
41
|
-
|
42
|
-
// These permissions apply to javac when ${java.home} points at $JAVA_HOME/jre
|
43
|
-
grant codeBase "file:${java.home}/../lib/-" {
|
44
|
-
permission java.security.AllPermission;
|
45
|
-
};
|
46
|
-
|
47
|
-
// These permissions apply to all shared system extensions when
|
48
|
-
// ${java.home} points at $JAVA_HOME/jre
|
49
|
-
grant codeBase "file:${java.home}/lib/ext/-" {
|
50
|
-
permission java.security.AllPermission;
|
51
|
-
};
|
52
|
-
|
53
|
-
// This permission is required when using javac to compile JSPs on Java 9
|
54
|
-
// onwards
|
55
|
-
//grant codeBase "jrt:/jdk.compiler" {
|
56
|
-
// permission java.security.AllPermission;
|
57
|
-
//};
|
58
|
-
|
59
|
-
|
60
|
-
// ========== CATALINA CODE PERMISSIONS =======================================
|
61
|
-
|
62
|
-
// These permissions apply to the daemon code
|
63
|
-
grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
|
64
|
-
permission java.security.AllPermission;
|
65
|
-
};
|
66
|
-
|
67
|
-
// These permissions apply to the logging API
|
68
|
-
// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
|
69
|
-
// update this section accordingly.
|
70
|
-
// grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
|
71
|
-
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
|
72
|
-
permission java.io.FilePermission
|
73
|
-
"${java.home}${file.separator}lib${file.separator}logging.properties", "read";
|
74
|
-
|
75
|
-
permission java.io.FilePermission
|
76
|
-
"${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
|
77
|
-
permission java.io.FilePermission
|
78
|
-
"${catalina.base}${file.separator}logs", "read, write";
|
79
|
-
permission java.io.FilePermission
|
80
|
-
"${catalina.base}${file.separator}logs${file.separator}*", "read, write, delete";
|
81
|
-
|
82
|
-
permission java.lang.RuntimePermission "shutdownHooks";
|
83
|
-
permission java.lang.RuntimePermission "getClassLoader";
|
84
|
-
permission java.lang.RuntimePermission "setContextClassLoader";
|
85
|
-
|
86
|
-
permission java.lang.management.ManagementPermission "monitor";
|
87
|
-
|
88
|
-
permission java.util.logging.LoggingPermission "control";
|
89
|
-
|
90
|
-
permission java.util.PropertyPermission "java.util.logging.config.class", "read";
|
91
|
-
permission java.util.PropertyPermission "java.util.logging.config.file", "read";
|
92
|
-
permission java.util.PropertyPermission "org.apache.juli.
|
93
|
-
permission java.util.PropertyPermission "org.apache.juli.
|
94
|
-
permission java.util.PropertyPermission "org.apache.juli.
|
95
|
-
permission java.util.PropertyPermission "
|
96
|
-
|
97
|
-
|
98
|
-
//
|
99
|
-
//
|
100
|
-
//
|
101
|
-
//
|
102
|
-
//
|
103
|
-
//
|
104
|
-
//
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
//
|
114
|
-
//
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
//
|
122
|
-
//
|
123
|
-
//
|
124
|
-
//
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
//
|
132
|
-
//
|
133
|
-
|
134
|
-
|
135
|
-
//
|
136
|
-
|
137
|
-
permission java.util.PropertyPermission "java.
|
138
|
-
permission java.util.PropertyPermission "
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
permission java.util.PropertyPermission "os.
|
143
|
-
permission java.util.PropertyPermission "os.
|
144
|
-
permission java.util.PropertyPermission "
|
145
|
-
permission java.util.PropertyPermission "
|
146
|
-
permission java.util.PropertyPermission "
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
permission java.util.PropertyPermission "java.
|
151
|
-
permission java.util.PropertyPermission "java.vendor", "read";
|
152
|
-
permission java.util.PropertyPermission "java.
|
153
|
-
permission java.util.PropertyPermission "java.
|
154
|
-
permission java.util.PropertyPermission "java.specification.
|
155
|
-
permission java.util.PropertyPermission "java.specification.
|
156
|
-
|
157
|
-
|
158
|
-
permission java.util.PropertyPermission "java.vm.specification.
|
159
|
-
permission java.util.PropertyPermission "java.vm.specification.
|
160
|
-
permission java.util.PropertyPermission "java.vm.
|
161
|
-
permission java.util.PropertyPermission "java.vm.
|
162
|
-
permission java.util.PropertyPermission "java.vm.
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.
|
176
|
-
permission java.lang.RuntimePermission
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket";
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
//
|
187
|
-
//
|
188
|
-
//
|
189
|
-
//
|
190
|
-
// -
|
191
|
-
// - CATALINA_HOME != CATALINA_BASE,
|
192
|
-
|
193
|
-
|
194
|
-
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
|
195
|
-
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.
|
196
|
-
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
|
197
|
-
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.
|
198
|
-
permission
|
199
|
-
|
200
|
-
}
|
201
|
-
|
202
|
-
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
|
203
|
-
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.
|
204
|
-
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
|
205
|
-
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.
|
206
|
-
permission
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
//
|
211
|
-
//
|
212
|
-
//
|
213
|
-
// -
|
214
|
-
// - CATALINA_HOME != CATALINA_BASE,
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
}
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
//
|
225
|
-
//
|
226
|
-
//
|
227
|
-
//
|
228
|
-
//
|
229
|
-
//
|
230
|
-
//
|
231
|
-
//
|
232
|
-
//
|
233
|
-
//
|
234
|
-
//
|
235
|
-
//
|
236
|
-
//
|
237
|
-
//
|
238
|
-
//
|
239
|
-
// permission java.net.SocketPermission "
|
240
|
-
//
|
241
|
-
//
|
242
|
-
//
|
243
|
-
//
|
244
|
-
//
|
245
|
-
//
|
246
|
-
//
|
247
|
-
//
|
248
|
-
//
|
249
|
-
//
|
250
|
-
//
|
251
|
-
//
|
252
|
-
//
|
253
|
-
//
|
254
|
-
|
255
|
-
|
256
|
-
//
|
257
|
-
//
|
258
|
-
//
|
259
|
-
//
|
260
|
-
//
|
261
|
-
//
|
262
|
-
//
|
263
|
-
//
|
264
|
-
// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" {
|
1
|
+
// Licensed to the Apache Software Foundation (ASF) under one or more
|
2
|
+
// contributor license agreements. See the NOTICE file distributed with
|
3
|
+
// this work for additional information regarding copyright ownership.
|
4
|
+
// The ASF licenses this file to You under the Apache License, Version 2.0
|
5
|
+
// (the "License"); you may not use this file except in compliance with
|
6
|
+
// the License. You may obtain a copy of the License at
|
7
|
+
//
|
8
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
//
|
10
|
+
// Unless required by applicable law or agreed to in writing, software
|
11
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
// See the License for the specific language governing permissions and
|
14
|
+
// limitations under the License.
|
15
|
+
|
16
|
+
// ============================================================================
|
17
|
+
// catalina.policy - Security Policy Permissions for Tomcat
|
18
|
+
//
|
19
|
+
// This file contains a default set of security policies to be enforced (by the
|
20
|
+
// JVM) when Catalina is executed with the "-security" option. In addition
|
21
|
+
// to the permissions granted here, the following additional permissions are
|
22
|
+
// granted to each web application:
|
23
|
+
//
|
24
|
+
// * Read access to the web application's document root directory
|
25
|
+
// * Read, write and delete access to the web application's working directory
|
26
|
+
// ============================================================================
|
27
|
+
|
28
|
+
|
29
|
+
// ========== SYSTEM CODE PERMISSIONS =========================================
|
30
|
+
|
31
|
+
|
32
|
+
// These permissions apply to javac
|
33
|
+
grant codeBase "file:${java.home}/lib/-" {
|
34
|
+
permission java.security.AllPermission;
|
35
|
+
};
|
36
|
+
|
37
|
+
// These permissions apply to all shared system extensions
|
38
|
+
grant codeBase "file:${java.home}/jre/lib/ext/-" {
|
39
|
+
permission java.security.AllPermission;
|
40
|
+
};
|
41
|
+
|
42
|
+
// These permissions apply to javac when ${java.home} points at $JAVA_HOME/jre
|
43
|
+
grant codeBase "file:${java.home}/../lib/-" {
|
44
|
+
permission java.security.AllPermission;
|
45
|
+
};
|
46
|
+
|
47
|
+
// These permissions apply to all shared system extensions when
|
48
|
+
// ${java.home} points at $JAVA_HOME/jre
|
49
|
+
grant codeBase "file:${java.home}/lib/ext/-" {
|
50
|
+
permission java.security.AllPermission;
|
51
|
+
};
|
52
|
+
|
53
|
+
// This permission is required when using javac to compile JSPs on Java 9
|
54
|
+
// onwards
|
55
|
+
//grant codeBase "jrt:/jdk.compiler" {
|
56
|
+
// permission java.security.AllPermission;
|
57
|
+
//};
|
58
|
+
|
59
|
+
|
60
|
+
// ========== CATALINA CODE PERMISSIONS =======================================
|
61
|
+
|
62
|
+
// These permissions apply to the daemon code
|
63
|
+
grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
|
64
|
+
permission java.security.AllPermission;
|
65
|
+
};
|
66
|
+
|
67
|
+
// These permissions apply to the logging API
|
68
|
+
// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
|
69
|
+
// update this section accordingly.
|
70
|
+
// grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
|
71
|
+
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
|
72
|
+
permission java.io.FilePermission
|
73
|
+
"${java.home}${file.separator}lib${file.separator}logging.properties", "read";
|
74
|
+
|
75
|
+
permission java.io.FilePermission
|
76
|
+
"${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
|
77
|
+
permission java.io.FilePermission
|
78
|
+
"${catalina.base}${file.separator}logs", "read, write";
|
79
|
+
permission java.io.FilePermission
|
80
|
+
"${catalina.base}${file.separator}logs${file.separator}*", "read, write, delete";
|
81
|
+
|
82
|
+
permission java.lang.RuntimePermission "shutdownHooks";
|
83
|
+
permission java.lang.RuntimePermission "getClassLoader";
|
84
|
+
permission java.lang.RuntimePermission "setContextClassLoader";
|
85
|
+
|
86
|
+
permission java.lang.management.ManagementPermission "monitor";
|
87
|
+
|
88
|
+
permission java.util.logging.LoggingPermission "control";
|
89
|
+
|
90
|
+
permission java.util.PropertyPermission "java.util.logging.config.class", "read";
|
91
|
+
permission java.util.PropertyPermission "java.util.logging.config.file", "read";
|
92
|
+
permission java.util.PropertyPermission "org.apache.juli.AsyncMaxRecordCount", "read";
|
93
|
+
permission java.util.PropertyPermission "org.apache.juli.AsyncOverflowDropType", "read";
|
94
|
+
permission java.util.PropertyPermission "org.apache.juli.ClassLoaderLogManager.debug", "read";
|
95
|
+
permission java.util.PropertyPermission "catalina.base", "read";
|
96
|
+
|
97
|
+
// Note: To enable per context logging configuration, permit read access to
|
98
|
+
// the appropriate file. Be sure that the logging configuration is
|
99
|
+
// secure before enabling such access.
|
100
|
+
// E.g. for the examples web application (uncomment and unwrap
|
101
|
+
// the following to be on a single line):
|
102
|
+
// permission java.io.FilePermission "${catalina.base}${file.separator}
|
103
|
+
// webapps${file.separator}examples${file.separator}WEB-INF
|
104
|
+
// ${file.separator}classes${file.separator}logging.properties", "read";
|
105
|
+
};
|
106
|
+
|
107
|
+
// These permissions apply to the server startup code
|
108
|
+
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
|
109
|
+
permission java.security.AllPermission;
|
110
|
+
};
|
111
|
+
|
112
|
+
// These permissions apply to the servlet API classes
|
113
|
+
// and those that are shared across all class loaders
|
114
|
+
// located in the "lib" directory
|
115
|
+
grant codeBase "file:${catalina.home}/lib/-" {
|
116
|
+
permission java.security.AllPermission;
|
117
|
+
};
|
118
|
+
|
119
|
+
|
120
|
+
// If using a per instance lib directory, i.e. ${catalina.base}/lib,
|
121
|
+
// then the following permission will need to be uncommented
|
122
|
+
// grant codeBase "file:${catalina.base}/lib/-" {
|
123
|
+
// permission java.security.AllPermission;
|
124
|
+
// };
|
125
|
+
|
126
|
+
|
127
|
+
// ========== WEB APPLICATION PERMISSIONS =====================================
|
128
|
+
|
129
|
+
|
130
|
+
// These permissions are granted by default to all web applications
|
131
|
+
// In addition, a web application will be given a read FilePermission
|
132
|
+
// for all files and directories in its document root.
|
133
|
+
grant {
|
134
|
+
// Required for JNDI lookup of named JDBC DataSource's and
|
135
|
+
// javamail named MimePart DataSource used to send mail
|
136
|
+
permission java.util.PropertyPermission "java.home", "read";
|
137
|
+
permission java.util.PropertyPermission "java.naming.*", "read";
|
138
|
+
permission java.util.PropertyPermission "javax.sql.*", "read";
|
139
|
+
|
140
|
+
// OS Specific properties to allow read access
|
141
|
+
permission java.util.PropertyPermission "os.name", "read";
|
142
|
+
permission java.util.PropertyPermission "os.version", "read";
|
143
|
+
permission java.util.PropertyPermission "os.arch", "read";
|
144
|
+
permission java.util.PropertyPermission "file.separator", "read";
|
145
|
+
permission java.util.PropertyPermission "path.separator", "read";
|
146
|
+
permission java.util.PropertyPermission "line.separator", "read";
|
147
|
+
|
148
|
+
// JVM properties to allow read access
|
149
|
+
permission java.util.PropertyPermission "java.version", "read";
|
150
|
+
permission java.util.PropertyPermission "java.vendor", "read";
|
151
|
+
permission java.util.PropertyPermission "java.vendor.url", "read";
|
152
|
+
permission java.util.PropertyPermission "java.class.version", "read";
|
153
|
+
permission java.util.PropertyPermission "java.specification.version", "read";
|
154
|
+
permission java.util.PropertyPermission "java.specification.vendor", "read";
|
155
|
+
permission java.util.PropertyPermission "java.specification.name", "read";
|
156
|
+
|
157
|
+
permission java.util.PropertyPermission "java.vm.specification.version", "read";
|
158
|
+
permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
|
159
|
+
permission java.util.PropertyPermission "java.vm.specification.name", "read";
|
160
|
+
permission java.util.PropertyPermission "java.vm.version", "read";
|
161
|
+
permission java.util.PropertyPermission "java.vm.vendor", "read";
|
162
|
+
permission java.util.PropertyPermission "java.vm.name", "read";
|
163
|
+
|
164
|
+
// Required for OpenJMX
|
165
|
+
permission java.lang.RuntimePermission "getAttribute";
|
166
|
+
|
167
|
+
// Allow read of JAXP compliant XML parser debug
|
168
|
+
permission java.util.PropertyPermission "jaxp.debug", "read";
|
169
|
+
|
170
|
+
// All JSPs need to be able to read this package
|
171
|
+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";
|
172
|
+
|
173
|
+
// Precompiled JSPs need access to these packages.
|
174
|
+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
|
175
|
+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
|
176
|
+
permission java.lang.RuntimePermission
|
177
|
+
"accessClassInPackage.org.apache.jasper.runtime.*";
|
178
|
+
|
179
|
+
// Applications using WebSocket need to be able to access these packages
|
180
|
+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket";
|
181
|
+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket.server";
|
182
|
+
};
|
183
|
+
|
184
|
+
|
185
|
+
// The Manager application needs access to the following packages to support the
|
186
|
+
// session display functionality. It also requires the custom Tomcat
|
187
|
+
// DeployXmlPermission to enable the use of META-INF/context.xml
|
188
|
+
// These settings support the following configurations:
|
189
|
+
// - default CATALINA_HOME == CATALINA_BASE
|
190
|
+
// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE
|
191
|
+
// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME
|
192
|
+
grant codeBase "file:${catalina.base}/webapps/manager/-" {
|
193
|
+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
|
194
|
+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
|
195
|
+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
|
196
|
+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
|
197
|
+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
|
198
|
+
permission org.apache.catalina.security.DeployXmlPermission "manager";
|
199
|
+
};
|
200
|
+
grant codeBase "file:${catalina.home}/webapps/manager/-" {
|
201
|
+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
|
202
|
+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
|
203
|
+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
|
204
|
+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
|
205
|
+
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
|
206
|
+
permission org.apache.catalina.security.DeployXmlPermission "manager";
|
207
|
+
};
|
208
|
+
|
209
|
+
// The Host Manager application needs the custom Tomcat DeployXmlPermission to
|
210
|
+
// enable the use of META-INF/context.xml
|
211
|
+
// These settings support the following configurations:
|
212
|
+
// - default CATALINA_HOME == CATALINA_BASE
|
213
|
+
// - CATALINA_HOME != CATALINA_BASE, per instance Host Manager in CATALINA_BASE
|
214
|
+
// - CATALINA_HOME != CATALINA_BASE, shared Host Manager in CATALINA_HOME
|
215
|
+
grant codeBase "file:${catalina.base}/webapps/host-manager/-" {
|
216
|
+
permission org.apache.catalina.security.DeployXmlPermission "host-manager";
|
217
|
+
};
|
218
|
+
grant codeBase "file:${catalina.home}/webapps/host-manager/-" {
|
219
|
+
permission org.apache.catalina.security.DeployXmlPermission "host-manager";
|
220
|
+
};
|
221
|
+
|
222
|
+
|
223
|
+
// You can assign additional permissions to particular web applications by
|
224
|
+
// adding additional "grant" entries here, based on the code base for that
|
225
|
+
// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
|
226
|
+
//
|
227
|
+
// Different permissions can be granted to JSP pages, classes loaded from
|
228
|
+
// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
|
229
|
+
// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
|
230
|
+
//
|
231
|
+
// For instance, assume that the standard "examples" application
|
232
|
+
// included a JDBC driver that needed to establish a network connection to the
|
233
|
+
// corresponding database and used the scrape taglib to get the weather from
|
234
|
+
// the NOAA web server. You might create a "grant" entries like this:
|
235
|
+
//
|
236
|
+
// The permissions granted to the context root directory apply to JSP pages.
|
237
|
+
// grant codeBase "file:${catalina.base}/webapps/examples/-" {
|
238
|
+
// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
|
239
|
+
// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
|
240
|
+
// };
|
241
|
+
//
|
242
|
+
// The permissions granted to the context WEB-INF/classes directory
|
243
|
+
// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" {
|
244
|
+
// };
|
245
|
+
//
|
246
|
+
// The permission granted to your JDBC driver
|
247
|
+
// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
|
248
|
+
// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
|
249
|
+
// };
|
250
|
+
// The permission granted to the scrape taglib
|
251
|
+
// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
|
252
|
+
// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
|
253
|
+
// };
|
254
|
+
|
255
|
+
// To grant permissions for web applications using packed WAR files, use the
|
256
|
+
// Tomcat specific WAR url scheme.
|
257
|
+
//
|
258
|
+
// The permissions granted to the entire web application
|
259
|
+
// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/-" {
|
260
|
+
// };
|
261
|
+
//
|
262
|
+
// The permissions granted to a specific JAR
|
263
|
+
// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" {
|
265
264
|
// };
|