cvs commit: jakarta-tomcat-catalina/catalina/src/conf catalina.policy
remm2005/03/03 15:41:14 Modified:webapps/docs logging.xml catalina/src/conf catalina.policy Log: - Add JULI in the policy file. - Modify the header of the logging page in the docs. Revision ChangesPath 1.7 +5 -5 jakarta-tomcat-catalina/webapps/docs/logging.xml Index: logging.xml === RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/logging.xml,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- logging.xml 3 Mar 2005 18:26:40 - 1.6 +++ logging.xml 3 Mar 2005 23:41:14 - 1.7 @@ -20,7 +20,7 @@ http://jakarta.apache.org/commons/logging";>Commons Logging throughout its internal code allowing the developer to choose a logging configuration that suits their needs, e.g -JDK Logging or +java.util.logging or http://logging.apache.org/log4j";>Log4J. Commons Logging provides Tomcat the ability to log hierarchially across various log levels without needing to rely on a particular @@ -29,10 +29,10 @@ An important consequence for Tomcat 5.5 is that theelement found in previous versions to create a localhost_log is no longer a valid nested element -of . Instead, stdout will collect runtime exceptions and other uncaught -exception generated by web applications. If the developer wishes to collect detailed internal -Tomcat logging (i.e what is happening within the Tomcat engine), then they should configure -a logging system such as JDK Logging or log4j as detailed next. +of . Instead, the default Tomcat configuration will use java.util.logging. +If the developer wishes to collect detailed internal Tomcat logging (i.e what is happening +within the Tomcat engine), then they should configure a logging system such as java.util.logging +or log4j as detailed next. 1.13 +6 -1 jakarta-tomcat-catalina/catalina/src/conf/catalina.policy Index: catalina.policy === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/conf/catalina.policy,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- catalina.policy 15 Sep 2004 18:57:41 - 1.12 +++ catalina.policy 3 Mar 2005 23:41:14 - 1.13 @@ -65,6 +65,11 @@ permission java.security.AllPermission; }; +// These permissions apply to JULI +grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { +permission java.security.AllPermission; +}; + // These permissions apply to the servlet API classes // and those that are shared across all class loaders // located in the "common" directory - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/conf catalina.policy
jfarcand2004/09/15 11:57:41
Modified:catalina/src/conf catalina.policy
Log:
Give proper permission to the balancer app when running under the security manager.
Revision ChangesPath
1.12 +6 -1 jakarta-tomcat-catalina/catalina/src/conf/catalina.policy
Index: catalina.policy
===
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/conf/catalina.policy,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- catalina.policy 2 Mar 2004 12:36:22 - 1.11
+++ catalina.policy 15 Sep 2004 18:57:41 - 1.12
@@ -78,6 +78,11 @@
permission java.security.AllPermission;
};
+// The permissions granted to the balancer WEB-INF/classes directory
+grant codeBase "file:${catalina.home}/webapps/balancer/WEB-INF/classes/-" {
+permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.tomcat.util.digester";
+permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.tomcat.util.digester.*";
+};
// == WEB APPLICATION PERMISSIONS =
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/conf catalina.policy
remm2004/03/02 04:36:23
Modified:catalina/src/conf catalina.policy
Log:
- Register all classloaders with JMX, so that Tomcat is actually manageable
through JMX remote (otherwise, instantiating a new MBean is not possible).
- Move jmx.jar (used for JDKs < 1.5).
Revision ChangesPath
1.11 +6 -1 jakarta-tomcat-catalina/catalina/src/conf/catalina.policy
Index: catalina.policy
===
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/conf/catalina.policy,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- catalina.policy 10 Sep 2003 18:47:18 - 1.10
+++ catalina.policy 2 Mar 2004 12:36:22 - 1.11
@@ -60,6 +60,11 @@
permission java.security.AllPermission;
};
+// These permissions apply to the JMX server
+grant codeBase "file:${catalina.home}/bin/jmx.jar" {
+permission java.security.AllPermission;
+};
+
// These permissions apply to the servlet API classes
// and those that are shared across all class loaders
// located in the "common" directory
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/conf catalina.policy
remm2003/09/10 11:47:18
Modified:catalina/src/conf catalina.policy
Log:
- Fix security manager after move of commons-logging.
Revision ChangesPath
1.10 +11 -1 jakarta-tomcat-catalina/catalina/src/conf/catalina.policy
Index: catalina.policy
===
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/conf/catalina.policy,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- catalina.policy 1 Aug 2003 00:32:40 - 1.9
+++ catalina.policy 10 Sep 2003 18:47:18 - 1.10
@@ -45,6 +45,16 @@
permission java.security.AllPermission;
};
+// These permissions apply to the daemon code
+grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
+permission java.security.AllPermission;
+};
+
+// These permissions apply to the commons-logging API
+grant codeBase "file:${catalina.home}/bin/commons-logging-api.jar" {
+permission java.security.AllPermission;
+};
+
// These permissions apply to the server startup code
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
permission java.security.AllPermission;
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/conf catalina.policy
jfarcand2003/07/31 17:32:40
Modified:catalina/src/conf catalina.policy
Log:
Fix for bug 22032: missing security-policy in default-configuration.
Precompiled JSPs running under the security manager always have to access
org.apache.jasper.runtime.* classes. With the package protection mechanism turned on,
those precompiled JSPs are being rejected by the security manager. The solution is to
grant access to org.apache.jasper.runtime.* (unfortunatly there is no othe rway).
Submitted by: Matthias Mezger ( mezger at gmx.de )
Revision ChangesPath
1.9 +27 -22jakarta-tomcat-catalina/catalina/src/conf/catalina.policy
Index: catalina.policy
===
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/conf/catalina.policy,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- catalina.policy 13 Dec 2002 21:57:26 - 1.8
+++ catalina.policy 1 Aug 2003 00:32:40 - 1.9
@@ -70,25 +70,25 @@
// In addition, a web application will be given a read FilePermission
// and JndiPermission for all files and directories in its document root.
grant {
-// Required for JNDI lookup of named JDBC DataSource's and
-// javamail named MimePart DataSource used to send mail
-permission java.util.PropertyPermission "java.home", "read";
-permission java.util.PropertyPermission "java.naming.*", "read";
-permission java.util.PropertyPermission "javax.sql.*", "read";
-
-// OS Specific properties to allow read access
- permission java.util.PropertyPermission "os.name", "read";
- permission java.util.PropertyPermission "os.version", "read";
- permission java.util.PropertyPermission "os.arch", "read";
- permission java.util.PropertyPermission "file.separator", "read";
- permission java.util.PropertyPermission "path.separator", "read";
- permission java.util.PropertyPermission "line.separator", "read";
-
-// JVM properties to allow read access
-permission java.util.PropertyPermission "java.version", "read";
-permission java.util.PropertyPermission "java.vendor", "read";
-permission java.util.PropertyPermission "java.vendor.url", "read";
-permission java.util.PropertyPermission "java.class.version", "read";
+// Required for JNDI lookup of named JDBC DataSource's and
+// javamail named MimePart DataSource used to send mail
+permission java.util.PropertyPermission "java.home", "read";
+permission java.util.PropertyPermission "java.naming.*", "read";
+permission java.util.PropertyPermission "javax.sql.*", "read";
+
+// OS Specific properties to allow read access
+permission java.util.PropertyPermission "os.name", "read";
+permission java.util.PropertyPermission "os.version", "read";
+permission java.util.PropertyPermission "os.arch", "read";
+permission java.util.PropertyPermission "file.separator", "read";
+permission java.util.PropertyPermission "path.separator", "read";
+permission java.util.PropertyPermission "line.separator", "read";
+
+// JVM properties to allow read access
+permission java.util.PropertyPermission "java.version", "read";
+permission java.util.PropertyPermission "java.vendor", "read";
+permission java.util.PropertyPermission "java.vendor.url", "read";
+permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";
@@ -100,11 +100,16 @@
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
-// Required for OpenJMX
-permission java.lang.RuntimePermission "getAttribute";
+// Required for OpenJMX
+permission java.lang.RuntimePermission "getAttribute";
// Allow read of JAXP compliant XML parser debug
permission java.util.PropertyPermission "jaxp.debug", "read";
+
+// Precompiled JSPs need access to this package.
+permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.jasper.runtime";
+permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.jasper.runtime.*";
+
};
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/conf catalina.policy catalina.properties
jfarcand2002/12/13 13:57:26
Modified:catalina/src/conf catalina.policy catalina.properties
Log:
Do some clean up. Use the new security mechanism instead of the policy file for
Tomcat internal package protection.
Revision ChangesPath
1.8 +1 -4 jakarta-tomcat-catalina/catalina/src/conf/catalina.policy
Index: catalina.policy
===
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/conf/catalina.policy,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- catalina.policy 7 Nov 2002 19:04:55 - 1.7
+++ catalina.policy 13 Dec 2002 21:57:26 - 1.8
@@ -100,9 +100,6 @@
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
-// Required for getting BeanInfo
-permission java.lang.RuntimePermission "accessClassInPackage.sun.beans.*";
-
// Required for OpenJMX
permission java.lang.RuntimePermission "getAttribute";
1.6 +1 -1 jakarta-tomcat-catalina/catalina/src/conf/catalina.properties
Index: catalina.properties
===
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/conf/catalina.properties,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- catalina.properties 4 Nov 2002 20:22:43 - 1.5
+++ catalina.properties 13 Dec 2002 21:57:26 - 1.6
@@ -4,7 +4,7 @@
# passed to checkPackageAccess unless the
# corresponding RuntimePermission ("accessClassInPackage."+package) has
# been granted.
-package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
+package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.,sun.beans.
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
--
To unsubscribe, e-mail:
For additional commands, e-mail:
cvs commit: jakarta-tomcat-catalina/catalina/src/conf catalina.policy
jfarcand2002/11/07 11:04:55
Modified:catalina/src/conf catalina.policy
Log:
Revision ChangesPath
1.7 +1 -7 jakarta-tomcat-catalina/catalina/src/conf/catalina.policy
Index: catalina.policy
===
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/conf/catalina.policy,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- catalina.policy 4 Nov 2002 20:22:43 - 1.6
+++ catalina.policy 7 Nov 2002 19:04:55 - 1.7
@@ -63,12 +63,6 @@
permission java.security.AllPermission;
};
-// The new JSP 2.0 implementation needs some special privileges in order to work.
-// FIX ME: Need to reduce the permission scope.
-grant codeBase "file:${catalina.home}/webapps/jsp-examples/-" {
- permission java.security.AllPermission;
-};
-
// == WEB APPLICATION PERMISSIONS =
--
To unsubscribe, e-mail:
For additional commands, e-mail:
cvs commit: jakarta-tomcat-catalina/catalina/src/conf catalina.policy
jfarcand2002/11/04 08:43:31
Modified:catalina/src/conf catalina.policy
Log:
Remove special permission for shared package since it is no used with Tomcat 5.
Revision ChangesPath
1.5 +1 -10 jakarta-tomcat-catalina/catalina/src/conf/catalina.policy
Index: catalina.policy
===
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/conf/catalina.policy,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- catalina.policy 18 Oct 2002 17:47:06 - 1.4
+++ catalina.policy 4 Nov 2002 16:43:31 - 1.5
@@ -63,15 +63,6 @@
permission java.security.AllPermission;
};
-// These permissions apply to the jasper page compiler.
-grant codeBase "file:${catalina.home}/shared/lib/jasper-compiler.jar" {
-permission java.security.AllPermission;
-};
-
-// These permissions apply to the jasper JSP runtime
-grant codeBase "file:${catalina.home}/shared/lib/jasper-runtime.jar" {
-permission java.security.AllPermission;
-};
// == WEB APPLICATION PERMISSIONS =
--
To unsubscribe, e-mail:
For additional commands, e-mail:
cvs commit: jakarta-tomcat-catalina/catalina/src/conf catalina.policy
jfarcand2002/10/18 10:47:06
Modified:catalina/src/conf catalina.policy
Log:
Since we are granting "file:${catalina.home}/server/-" all permissions, we don't
need to grant special permissions for Admin and Manager applications.
Revision ChangesPath
1.4 +1 -10 jakarta-tomcat-catalina/catalina/src/conf/catalina.policy
Index: catalina.policy
===
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/conf/catalina.policy,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- catalina.policy 1 Aug 2002 04:59:24 - 1.3
+++ catalina.policy 18 Oct 2002 17:47:06 - 1.4
@@ -73,15 +73,6 @@
permission java.security.AllPermission;
};
-// These permissions apply to the privileged admin and manager web applications
-grant codeBase "file:${catalina.home}/server/webapps/admin/WEB-INF/classes/-" {
-permission java.security.AllPermission;
-};
-
-grant codeBase "file:${catalina.home}/server/webapps/admin/WEB-INF/lib/struts.jar" {
-permission java.security.AllPermission;
-};
-
// == WEB APPLICATION PERMISSIONS =
--
To unsubscribe, e-mail:
For additional commands, e-mail:
