Author: kkolinko
Date: Wed Nov 18 03:00:57 2009
New Revision: 881654
URL: http://svn.apache.org/viewvc?rev=881654&view=rev
Log:
Wrapped long lines. As the text of this file is copy-pasted into
security-manager-howto.html, it will make it more readable.
Added a comment regarding tomcat-juli.jar
Modified:
tomcat/trunk/conf/catalina.policy
Modified: tomcat/trunk/conf/catalina.policy
URL:
http://svn.apache.org/viewvc/tomcat/trunk/conf/catalina.policy?rev=881654&r1=881653&r2=881654&view=diff
==============================================================================
--- tomcat/trunk/conf/catalina.policy (original)
+++ tomcat/trunk/conf/catalina.policy Wed Nov 18 03:00:57 2009
@@ -62,22 +62,32 @@
};
// These permissions apply to the logging API
+// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
+// update this section accordingly.
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
permission java.util.PropertyPermission
"java.util.logging.config.class", "read";
permission java.util.PropertyPermission
"java.util.logging.config.file", "read";
permission java.util.PropertyPermission "catalina.base", "read";
- permission java.io.FilePermission
"${java.home}${file.separator}lib${file.separator}logging.properties", "read";
- permission java.io.FilePermission
"${catalina.base}${file.separator}conf${file.separator}logging.properties",
"read";
- permission java.io.FilePermission
"${catalina.base}${file.separator}logs", "read, write";
- permission java.io.FilePermission
"${catalina.base}${file.separator}logs${file.separator}*", "read, write";
+ permission java.io.FilePermission
+
"${java.home}${file.separator}lib${file.separator}logging.properties", "read";
+ permission java.io.FilePermission
+
"${catalina.base}${file.separator}conf${file.separator}logging.properties",
"read";
+ permission java.io.FilePermission
+ "${catalina.base}${file.separator}logs", "read, write";
+ permission java.io.FilePermission
+ "${catalina.base}${file.separator}logs${file.separator}*", "read,
write";
permission java.lang.RuntimePermission "shutdownHooks";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.util.logging.LoggingPermission "control";
- // To enable per context logging configuration, permit read access to
the appropriate file.
- // Be sure that the logging configuration is secure before enabling
such access.
- // E.g. for the examples web application:
- // permission java.io.FilePermission
"${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties",
"read";
+
+ // To enable per context logging configuration, permit read access to
+ // the appropriate file. Be sure that the logging configuration is
+ // secure before enabling such access. E.g. for the examples web
+ // application:
+ // permission java.io.FilePermission "${catalina.base}${file.separator}
+ // webapps${file.separator}examples${file.separator}
+ //
WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};
// These permissions apply to the server startup code
@@ -142,11 +152,14 @@
// Precompiled JSPs need access to these packages.
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.jasper.el";
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.jasper.runtime";
- permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.jasper.runtime.*";
+ permission java.lang.RuntimePermission
+ "accessClassInPackage.org.apache.jasper.runtime.*";
// Precompiled JSPs need access to these system properties.
- permission java.util.PropertyPermission
"org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
- permission java.util.PropertyPermission
"org.apache.el.parser.COERCE_TO_ZERO", "read";
+ permission java.util.PropertyPermission
+ "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
+ permission java.util.PropertyPermission
+ "org.apache.el.parser.COERCE_TO_ZERO", "read";
// Applications using Comet need to be able to access this package
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.comet";
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
