yeah. only for stanbol. The permission granted right now are available for whole site.
On Mon, Sep 8, 2014 at 8:14 AM, aj...@virginia.edu <aj...@virginia.edu> wrote: > Do you mean giving only permissions to actions originating in the Stanbol > webapp and not to actions originating in other webapps deployed in your web > container? > > --- > A. Soroka > The University of Virginia Library > > On Sep 8, 2014, at 11:11 AM, Luyi Wang <wangl...@guitarca.com> wrote: > > > Does anyone have some idea on giving only codebase permission? > > > > On Sun, Sep 7, 2014 at 4:07 AM, aj...@virginia.edu <aj...@virginia.edu> > > wrote: > > > >> Another approach here is to move the Stanbol home _out_ of the directory > >> of your web container. I think that's a little clearer and safer, and > >> that's how I run Stanbol as a web app. You can do that with an init > param > >> in the Stanbol web application's web.xml file, with an element like > this: > >> > >> </init-param> > >> <init-param> <!-- the default sling.home is set to > stanbol > >> --> > >> <param-name>sling.home</param-name> > >> <param-value>/my/directory/for/stanbol</param-value> > >> </init-param> > >> > >> And of course you must give the Tomcat user rights to content under that > >> directory. > >> > >> --- > >> A. Soroka > >> The University of Virginia Library > >> > >> On Sep 7, 2014, at 1:08 AM, Luyi Wang <wangl...@guitarca.com> wrote: > >> > >>> Hi all: > >>> > >>> Would like to share my experience on deploying stanbol war file to > >> tomcat7 > >>> on ubuntu 14.04 > >>> > >>> After the full build by following instruction upon > >>> http://stanbol.apache.org/docs/trunk/tutorial.html > >>> > >>> I got the stanbol.war file deployed on tomcat7 but it kept reporting > >> error > >>> for resource not available as Apache Sling is starting. I checked the > >>> access log and found stanbol (actually sling) failed in creating a > folder > >>> under tomcat folder instead of tomcat webapps folder. An easy hack way > is > >>> to create a folder named "stanbol" with tomcat7 user/group access > under > >>> your $CATALINA_BASE folder and restart tomcat7. Then everything is fine > >>> except the the link "system/console" would be broken by default > setting. > >>> > >>> The broken link reporting permission error. To solve this, need to edit > >> two > >>> parts. > >>> 1. add permission into your tomcat policy configuration which is under > >>> /etc/tomcat7/policy.d folder. You can choose one to edit since later > on > >>> they all compile to be one file as $CATALINA_BASE/work/catalina.policy > >>> (/var/lib/tomcat7/work/catalina.policy) > >>> > >>> The hack way is to grant permission with careless. > >>> > >>> grant { > >>> permission java.security.AllPermission; > >>> }; > >>> > >>> > >>> I tried to make it more robust by adding permission only for stanbol > >>> codebase however I failed to make it work. If anyone knows how to do , > >> let > >>> me know. > >>> > >>> After that , need to change the tomcat init script in > /etc/init.d/tomcat > >>> Line 98 to yes. > >>> > >>> TOMCAT7_SECURITY=yes > >>> > >>> > >>> After all these, every component would work but we need to alter the > >> tomcat > >>> application memory size. > >>> > >>> vi /etc/default/tomcat7 > >>> > >>> change the JAVA_OPTS line. > >>> > >>> JAVA_OPTS="-Djava.awt.headless=true -Xmx1g -XX:MaxPermSize=256m > >>> -XX:+UseConcMarkSweepGC" > >>> > >>> Then restart tomcat7. > >>> > >>> > >>> Hope this would help people. > >>> > >>> Thanks. > >>> > >>> -Luyi. > >> > >> > >
