Do you mean giving only permissions to actions originating in the Stanbol webapp and not to actions originating in other webapps deployed in your web container?
--- A. Soroka The University of Virginia Library On Sep 8, 2014, at 11:11 AM, Luyi Wang <wangl...@guitarca.com> wrote: > Does anyone have some idea on giving only codebase permission? > > On Sun, Sep 7, 2014 at 4:07 AM, aj...@virginia.edu <aj...@virginia.edu> > wrote: > >> Another approach here is to move the Stanbol home _out_ of the directory >> of your web container. I think that's a little clearer and safer, and >> that's how I run Stanbol as a web app. You can do that with an init param >> in the Stanbol web application's web.xml file, with an element like this: >> >> </init-param> >> <init-param> <!-- the default sling.home is set to stanbol >> --> >> <param-name>sling.home</param-name> >> <param-value>/my/directory/for/stanbol</param-value> >> </init-param> >> >> And of course you must give the Tomcat user rights to content under that >> directory. >> >> --- >> A. Soroka >> The University of Virginia Library >> >> On Sep 7, 2014, at 1:08 AM, Luyi Wang <wangl...@guitarca.com> wrote: >> >>> Hi all: >>> >>> Would like to share my experience on deploying stanbol war file to >> tomcat7 >>> on ubuntu 14.04 >>> >>> After the full build by following instruction upon >>> http://stanbol.apache.org/docs/trunk/tutorial.html >>> >>> I got the stanbol.war file deployed on tomcat7 but it kept reporting >> error >>> for resource not available as Apache Sling is starting. I checked the >>> access log and found stanbol (actually sling) failed in creating a folder >>> under tomcat folder instead of tomcat webapps folder. An easy hack way is >>> to create a folder named "stanbol" with tomcat7 user/group access under >>> your $CATALINA_BASE folder and restart tomcat7. Then everything is fine >>> except the the link "system/console" would be broken by default setting. >>> >>> The broken link reporting permission error. To solve this, need to edit >> two >>> parts. >>> 1. add permission into your tomcat policy configuration which is under >>> /etc/tomcat7/policy.d folder. You can choose one to edit since later on >>> they all compile to be one file as $CATALINA_BASE/work/catalina.policy >>> (/var/lib/tomcat7/work/catalina.policy) >>> >>> The hack way is to grant permission with careless. >>> >>> grant { >>> permission java.security.AllPermission; >>> }; >>> >>> >>> I tried to make it more robust by adding permission only for stanbol >>> codebase however I failed to make it work. If anyone knows how to do , >> let >>> me know. >>> >>> After that , need to change the tomcat init script in /etc/init.d/tomcat >>> Line 98 to yes. >>> >>> TOMCAT7_SECURITY=yes >>> >>> >>> After all these, every component would work but we need to alter the >> tomcat >>> application memory size. >>> >>> vi /etc/default/tomcat7 >>> >>> change the JAVA_OPTS line. >>> >>> JAVA_OPTS="-Djava.awt.headless=true -Xmx1g -XX:MaxPermSize=256m >>> -XX:+UseConcMarkSweepGC" >>> >>> Then restart tomcat7. >>> >>> >>> Hope this would help people. >>> >>> Thanks. >>> >>> -Luyi. >> >>
