Re: Granting permission to a single application-supplied JAR

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

George,

On 3/27/18 8:33 PM, George S. wrote:
> One thing that has bitten me is that the entire stack/call chain
> is examined, not just permissions on a specific piece of code as
> you would expect. This comes into play when you're trying to make
> calls into trusted code from a JSP.

JSP isn't an issue for me.

> My experience has been that JSPs are not trusted. So, even if you
> grant some code permissions to a specific codebase, the JSP making
> the call is untrusted and things fail. I ran into this recently
> using the Apache LDAP library with a JSP. A bunch of reads would
> fail.
> 
> I see the tomcat security manager howto makes a reference to 
> "pre-compiled jsp" but it's pretty vague (to my simple mind
> anyhow). I think the intention was to have pre-compiled JSPs live
> in a trusted codebase path.

Yes, that can be done e.g. by placing them into a JAR and trusting the
JAR.

> There's probably a way that you can mark all JSPs as trusted (I'm
> thinking a grant to $CATALINA_BASE/work/Catalina), but that kind of
> defeats the point. If you mark standard JSPs as trusted, then 
> anyone that can get a file in the context path can bypass your
> security model.
> 
> What I ended up doing on the last project was putting all of the
> code that made the calls into the Apache LDAP directory into a
> specific jar, and signing that jar with a certificate. Then I have
> a grant that trusts anything signed with that certificate.

I'd prefer to avoid signing if possible... we perform on-server builds
for everything, so that would mean distributing the signing-keys or
having a really awful process for building on-server and signing
off-server.

> The security manager can be maddening to work with. Just as a tip
> for my specific usage, I have a skeleton policy file and the tomcat
> startup script merges my policy file into Tomcat's policy file. I
> just found there's another way of doing that, but it doesn't look
> any better since it requires modifying a file in $JDK/JRE_HOME.

My plan was simply to append my own "additional" grants on to the end
of the Tomcat policy.

So far, I haven't had any luck using "grant" with ANY codebase at this
point.

Thanks,
- -chris

> On 3/22/2018 3:39 PM, Christopher Schultz wrote: All,
> 
> I'm working on getting my application working under a
> SecurityManager. It's actually been a little less painful than I
> thought it would be.
> 
> I'm using Solr for some index searching. I'm using SolrJ for the 
> library to communicate via HTTP to a localhost Solr server. When
> using this grant:
> 
> grant { permission "java.util.PropertyPermission" 
> "solr.httpclient.builder.factory", "read"; permission
> "java.net.SocketPermission", "localhost:8983", "resolve,connect"; 
> }
> 
> My application can can contact Solr without any errors.
> 
> If I change the "grant" to include a codeBase to restrict those 
> connections to the Solr library, I get a AccessControlException: 
> access denied to the system property. Here is the modified grant:
> 
> 
> grant codeBase 
> "file:${catalina.base}${file.separator}webapps${file.separator}myapp${
fi
>
> 
le.separator}WEB-INF${file.separator}lib${file.separator}solr-solrj-7.2.
> 1.jar" { permission "java.util.PropertyPermission" 
> "solr.httpclient.builder.factory", "read"; permission
> "java.net.SocketPermission" "localhost:8983", "resolve,connect"; 
> };
> 
> I have verified that the file exists under the path specified
> above. I tried both ${file.separator} and '/' as the file
> separator. I also tried "jar:/path/to/jar!/-" as the codeBase. No
> luck.
> 
> These grants are added to the end of the stock catalina.policy
> file that ships with Tomcat.
> 
> What am I missing, here?
> 
> -chris
>> 
>> -
>>
>> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
> 
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq76TkACgkQHPApP6U8
pFgA4xAApmyDP+TW+Ek4Q5iOH42CbH20eFD6pG1D1eMBTclZqygHCVTa6ZtWKqcK
UL1l+1ADVf2CVm3fnFj5mPcV/vv7N8i96ztotHFr2mX8Vbe9aNRjoSyvmTIi44UI
dUXOkWpD2/OoXsyvONql+dBKuvLWZWlf7bc+PDQEUuLWF2tVW7tPRJoeVqPfUftj
7dCl/E7uWwzfeW9oDw1pKdxmb2g5XzI9x5BGcoUYCaUGfhRnVP4/FXCG0pp/Jyhv
U6yp3xcmbGEsuYgyCOkLeWY4OcSHitco10oc+MbqNPZ7Jb5MpsQ0Rm3S3SKRXaYW
5fpx1LvDZn5yzk5SDnZbeawmL/WZntQEKOF9L3vDKiuLMwpiaLTOlM0mHTGVfVro
lesYmS58SdnEHPjS2ikfx1vsg7k+n43mSwuwz8zLmOBH479iGezVKbck+T9sVZqd
J7rc3XxX9hQHTPJSy6ToFZTRbjvlbHJu6vg9h6u0EO2aAuc/HIeRIJ/d1bHccrSJ
QudB6mnZqyrwdbaXT0fRb1B5Chy4r4IHdt5u/6pBS6ebEdNGOudCwRjMSP7Gmvj9
T7mWw3knx9WP4xpD7MUQx9iUoF4TNInmc68y3EZRRUS9ubwDxQ7njcK4rycKFVA1
1trARd6/4ofNG+Y2Hn998/3eSeN+xpbVNCN5SIAVpJBrJtIc+3U=
=8ijC
-END PGP SIGNATURE-

-
To 

Re: Granting permission to a single application-supplied JAR

[George S.]

Chris,

One thing that has bitten me is that the entire stack/call chain is 
examined, not just permissions on a specific piece of code as you would 
expect. This comes into play when you're trying to make calls into 
trusted code from a JSP.


My experience has been that JSPs are not trusted. So, even if you grant 
some code permissions to a specific codebase, the JSP making the call is 
untrusted and things fail. I ran into this recently using the Apache 
LDAP library with a JSP. A bunch of reads would fail.


I see the tomcat security manager howto makes a reference to 
"pre-compiled jsp" but it's pretty vague (to my simple mind anyhow). I 
think the intention was to have pre-compiled JSPs live in a trusted 
codebase path. There's probably a way that you can mark all JSPs as 
trusted (I'm thinking a grant to $CATALINA_BASE/work/Catalina), but that 
kind of defeats the point. If you mark standard JSPs as trusted, then 
anyone that can get a file in the context path can bypass your security 
model.


What I ended up doing on the last project was putting all of the code 
that made the calls into the Apache LDAP directory into a specific jar, 
and signing that jar with a certificate. Then I have a grant that trusts 
anything signed with that certificate.


The security manager can be maddening to work with. Just as a tip for my 
specific usage, I have a skeleton policy file and the tomcat startup 
script merges my policy file into Tomcat's policy file. I just found 
there's another way of doing that, but it doesn't look any better since 
it requires modifying a file in $JDK/JRE_HOME.



On 3/22/2018 3:39 PM, Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

All,

I'm working on getting my application working under a SecurityManager.
It's actually been a little less painful than I thought it would be.

I'm using Solr for some index searching. I'm using SolrJ for the
library to communicate via HTTP to a localhost Solr server. When using
this grant:

grant {
   permission "java.util.PropertyPermission"
"solr.httpclient.builder.factory", "read";
   permission "java.net.SocketPermission", "localhost:8983",
"resolve,connect";
}

My application can can contact Solr without any errors.

If I change the "grant" to include a codeBase to restrict those
connections to the Solr library, I get a AccessControlException:
access denied to the system property. Here is the modified grant:


grant codeBase
"file:${catalina.base}${file.separator}webapps${file.separator}myapp${fi
le.separator}WEB-INF${file.separator}lib${file.separator}solr-solrj-7.2.
1.jar"
{
   permission "java.util.PropertyPermission"
"solr.httpclient.builder.factory", "read";
   permission "java.net.SocketPermission" "localhost:8983",
"resolve,connect";
};

I have verified that the file exists under the path specified above. I
tried both ${file.separator} and '/' as the file separator. I also
tried "jar:/path/to/jar!/-" as the codeBase. No luck.

These grants are added to the end of the stock catalina.policy file
that ships with Tomcat.

What am I missing, here?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq0IpkdHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFj/og//dsN0nnYfal37ceL5
pEtIUtOGq87vwHRRMvTuWwxGmm5DqqfC+ZC07IWnJJt5Ap9ir8mYRiYluoCvx0yx
LdmUVEesygbhOmyLm6EX3deJ7ozaO5MkFcDx0084y/dHfx+L3mg2n/ysG/qnqoxS
69RvbQNh7ByRsDOnhlSXLc0ZSSB6L9GtE9UpgGdCdyvyBXKS5X3/XOvygJ13lHZH
lZH1/iXEUzatZtR7wSySfVdEXSx2JjSagClPmYVi4Lj4Fi9qugbwnpakT8Sr3mJx
A/lK/KLPA3NqH/T91fzZBzlmLXqZ6L5GFz2P9iOaQ+1QfcCiMktFxJ2tXzqYDQm1
g0OtE/k2Jf3+QZtpUDJ+cDzLjWdUXs/6oa0Uo37ZXTRU1wowPeX+PHsKr9aqQB+T
rx7OXTL/ZLh+bQobaQV4oyiF+mSRLZfrtI7cHoF8ZiwwsXpo4y+4CQqxzsWR6w4A
9wYV/lKecONJnwNey6JujapbcFcWmCZps5crvUyi/YNx/Rl/szdI2vWOevCJwnvQ
LgyvbNF8AglERID8bL0fT9RL9Ws5/taII3egavGBMUGi+VYu/qjY2c9unP3W7UR6
42NNGkDxQlum8M3uu3FpDMmsfcRcYzQSZ1yCEharMLzKR6zn0c4odnJpUWmVzLnO
brtsSvTBTsIlH3F7dlocMV63W+U=
=xlk2
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



--
George S.
*MH Software, Inc.*
Voice: 303 438 9585
http://www.mhsoftware.com

Re: Granting permission to a single application-supplied JAR

[Konstantin Kolinko]

2018-03-23 1:32 GMT+03:00 Christopher Schultz :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Konstantin,
>
> Thanks for the reply.
>
> On 3/22/18 6:12 PM, Konstantin Kolinko wrote:
>> 2018-03-23 0:39 GMT+03:00 Christopher Schultz
>> :
>>> All,
>>>
>>> I'm working on getting my application working under a
>>> SecurityManager. It's actually been a little less painful than I
>>> thought it would be.
>>>
>>> I'm using Solr for some index searching. I'm using SolrJ for the
>>> library to communicate via HTTP to a localhost Solr server. When
>>> using this grant:
>>>
>>> grant { permission "java.util.PropertyPermission"
>>> "solr.httpclient.builder.factory", "read"; permission
>>> "java.net.SocketPermission", "localhost:8983",
>>> "resolve,connect"; }
>>>
>>> My application can can contact Solr without any errors.
>>>
>>> If I change the "grant" to include a codeBase to restrict those
>>> connections to the Solr library, I get a AccessControlException:
>>> access denied to the system property. Here is the modified
>>> grant:
>>>
>>>
>>> grant codeBase
>>> "file:${catalina.base}${file.separator}webapps${file.separator}myapp$
> {fi
>>>
>>>
> le.separator}WEB-INF${file.separator}lib${file.separator}solr-solrj-7.2.
>>> 1.jar" { permission "java.util.PropertyPermission"
>>> "solr.httpclient.builder.factory", "read"; permission
>>> "java.net.SocketPermission" "localhost:8983", "resolve,connect";
>>> };
>>>
>>> I have verified that the file exists under the path specified
>>> above. I tried both ${file.separator} and '/' as the file
>>> separator. I also tried "jar:/path/to/jar!/-" as the codeBase. No
>>> luck.
>>
>> 1) The "grant" clause uses an URL, with '/'.
>>
>> ${file.separator} is used in file paths for a file system: in
>> java.io.FilePermission
>
> Thanks for pointing that out. I tried both ways and it did not make a
> difference.
>
>>> These grants are added to the end of the stock catalina.policy
>>> file that ships with Tomcat.
>>>
>>> What am I missing, here?
>>
>> 2) Tomcat version=? ;)
>
> 8.5.29, but this is a JVM security policy problem and should not be
> affected by the Tomcat version.
>
>> See "Troubleshooting" recipe here:
>>
>> http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html#Tr
> oubleshooting
>>
>>  You need to know the actual permission that failed.
>
> It's java.util.PropertyPermission to "read" the system property
> "solr.httpclient.builder.factory". Specifying no codeBase allows the
> code to execute.
>
>> You need to know java.security.CodeSource.getLocation() for all
>> classes in stacktrace up to the failing point (starting from the
>> nearest AccessController.doPrivileged()).
>
> Umm... how in the word do I determine that?
>
>> All those CodeSources should have that permission. If you missed
>> one, you will fail.
>
> So I'm going to assume that there are no doPrivileged() calls anywhere
> in the call stack. Does that mean that I have two options:
>
> 1. Grant the privilege to the whole JVM (as I have confirmed does work)
>
> 2. Add a doPrivileged() call somewhere that eventually attempts to
> read this system property?

Reads of a system property are usually wrapped in doPrivileged().

E.g. see java.io.PrintWriter constructor in Java 8u162:

lineSeparator = java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("line.separator"));

The code above assumes that sun.* classes cannot be accessed by untrusted code.
(In case of Tomcat this is true thanks to "package.access" setting in
catalina.properties.)

>
> I also attempted to give the permission to me web application as a
> whole like this:
>
> grant codeBase
> "file:${catalina.base}/webapps/mywebapp/WEB-INF/classes/-" {
>   // same privileges
> };

The above grants permission to "WEB-INF/classes" directory, The
libraries are in "lib". There are also JSPs.

Example in catalina.policy:

// The permissions granted to the context root directory apply to JSP pages.
// grant codeBase "file:${catalina.base}/webapps/examples/-" {
//  permission java.net.SocketPermission
"dbhost.mycompany.com:5432", "connect";
//  permission java.net.SocketPermission "*.noaa.gov:80", "connect";
// };


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Granting permission to a single application-supplied JAR

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Konstantin,

Thanks for the reply.

On 3/22/18 6:12 PM, Konstantin Kolinko wrote:
> 2018-03-23 0:39 GMT+03:00 Christopher Schultz
> :
>> All,
>> 
>> I'm working on getting my application working under a
>> SecurityManager. It's actually been a little less painful than I
>> thought it would be.
>> 
>> I'm using Solr for some index searching. I'm using SolrJ for the 
>> library to communicate via HTTP to a localhost Solr server. When
>> using this grant:
>> 
>> grant { permission "java.util.PropertyPermission" 
>> "solr.httpclient.builder.factory", "read"; permission
>> "java.net.SocketPermission", "localhost:8983", 
>> "resolve,connect"; }
>> 
>> My application can can contact Solr without any errors.
>> 
>> If I change the "grant" to include a codeBase to restrict those 
>> connections to the Solr library, I get a AccessControlException: 
>> access denied to the system property. Here is the modified
>> grant:
>> 
>> 
>> grant codeBase 
>> "file:${catalina.base}${file.separator}webapps${file.separator}myapp$
{fi
>>
>> 
le.separator}WEB-INF${file.separator}lib${file.separator}solr-solrj-7.2.
>> 1.jar" { permission "java.util.PropertyPermission" 
>> "solr.httpclient.builder.factory", "read"; permission
>> "java.net.SocketPermission" "localhost:8983", "resolve,connect"; 
>> };
>> 
>> I have verified that the file exists under the path specified
>> above. I tried both ${file.separator} and '/' as the file
>> separator. I also tried "jar:/path/to/jar!/-" as the codeBase. No
>> luck.
> 
> 1) The "grant" clause uses an URL, with '/'.
> 
> ${file.separator} is used in file paths for a file system: in 
> java.io.FilePermission

Thanks for pointing that out. I tried both ways and it did not make a
difference.

>> These grants are added to the end of the stock catalina.policy
>> file that ships with Tomcat.
>> 
>> What am I missing, here?
> 
> 2) Tomcat version=? ;)

8.5.29, but this is a JVM security policy problem and should not be
affected by the Tomcat version.

> See "Troubleshooting" recipe here:
> 
> http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html#Tr
oubleshooting
>
>  You need to know the actual permission that failed.

It's java.util.PropertyPermission to "read" the system property
"solr.httpclient.builder.factory". Specifying no codeBase allows the
code to execute.

> You need to know java.security.CodeSource.getLocation() for all 
> classes in stacktrace up to the failing point (starting from the 
> nearest AccessController.doPrivileged()).

Umm... how in the word do I determine that?

> All those CodeSources should have that permission. If you missed
> one, you will fail.

So I'm going to assume that there are no doPrivileged() calls anywhere
in the call stack. Does that mean that I have two options:

1. Grant the privilege to the whole JVM (as I have confirmed does work)

2. Add a doPrivileged() call somewhere that eventually attempts to
read this system property?

I also attempted to give the permission to me web application as a
whole like this:

grant codeBase
"file:${catalina.base}/webapps/mywebapp/WEB-INF/classes/-" {
  // same privileges
};

And this does not work, either.

Do I have to put everything in doPrivileged() calls in order to
actually access the permissions I'm trying to grant using the "grant
codeBase" in my policy? THAT is going to be ... inconvenient. :(

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq0Lv4dHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFjLDRAArruXzHe0C5Ra2tfw
NngUE9/lKmnh5XoefF+M8iaUxA6X3GICMxCJtO7tdK/thMj7VAmmTGNoxTXoQXAL
HYR7ERuVbUzvcgys08Mu3rxd/r8T4Fhy3LWO/7WhSiRAnEAQjan/Q07NqD98O9jf
Etvcw6I2iLdO7bGt00/O/lwTHfYiWZQK542RgoU4SV5JsC0V9rr/eOgr5M/mnYqY
C6Lqi9f1ewJNe//oxMBztN5gDxW8SnXt7XS8R9I39GA5f1Mnd5Q4Ex53h3CiSkgF
27WW/yA9D7lE+zIEwUdnNq3kSGLrArgclPtAarl5JuzxNpiOLU6jtG1Tp3N4PKum
HpORNTTJYVC/+TrblBk9zsLQjoHh8Aut+VlrmKVfzIDkET1p+xRWDSp/7kZnOUAY
eZGSXSJYNwqGahCjMWj3R6QR6x+IQre4Y+kauDFisoKqLO9gjakBOwBvIuAGFeOE
YjrZRZ4sndiAVji/5tcAWCJjS4NMGQ0uqswzZyhSEaJTXa3GWceaEmfULPLZ2CQr
n1UKxNlBcHk84M0ktXif6TxP6547oDoyB80+OxkgUsh1SeNqs5MyJ4JcKWjkfOUu
4efV40XpDlUPwcOev/PHlqSjqyz+pTY6iiDJjkahfgjKT7ICloSe+5SsqlzBJqYA
/CcgxZGu0IPUuwmm6XXmMaglj6s=
=j0wy
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Granting permission to a single application-supplied JAR

[Konstantin Kolinko]

2018-03-23 0:39 GMT+03:00 Christopher Schultz :
> All,
>
> I'm working on getting my application working under a SecurityManager.
> It's actually been a little less painful than I thought it would be.
>
> I'm using Solr for some index searching. I'm using SolrJ for the
> library to communicate via HTTP to a localhost Solr server. When using
> this grant:
>
> grant {
>   permission "java.util.PropertyPermission"
> "solr.httpclient.builder.factory", "read";
>   permission "java.net.SocketPermission", "localhost:8983",
> "resolve,connect";
> }
>
> My application can can contact Solr without any errors.
>
> If I change the "grant" to include a codeBase to restrict those
> connections to the Solr library, I get a AccessControlException:
> access denied to the system property. Here is the modified grant:
>
>
> grant codeBase
> "file:${catalina.base}${file.separator}webapps${file.separator}myapp${fi
> le.separator}WEB-INF${file.separator}lib${file.separator}solr-solrj-7.2.
> 1.jar"
> {
>   permission "java.util.PropertyPermission"
> "solr.httpclient.builder.factory", "read";
>   permission "java.net.SocketPermission" "localhost:8983",
> "resolve,connect";
> };
>
> I have verified that the file exists under the path specified above. I
> tried both ${file.separator} and '/' as the file separator. I also
> tried "jar:/path/to/jar!/-" as the codeBase. No luck.

1) The "grant" clause uses an URL, with '/'.

${file.separator} is used in file paths for a file system: in
java.io.FilePermission


> These grants are added to the end of the stock catalina.policy file
> that ships with Tomcat.
>
> What am I missing, here?

2) Tomcat version=? ;)

See "Troubleshooting" recipe here:

http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html#Troubleshooting

You need to know the actual permission that failed.

You need to know java.security.CodeSource.getLocation() for all
classes in stacktrace up to the failing point (starting from the
nearest AccessController.doPrivileged()).

All those CodeSources should have that permission. If you missed one,
you will fail.


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Granting permission to a single application-supplied JAR

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

All,

I'm working on getting my application working under a SecurityManager.
It's actually been a little less painful than I thought it would be.

I'm using Solr for some index searching. I'm using SolrJ for the
library to communicate via HTTP to a localhost Solr server. When using
this grant:

grant {
  permission "java.util.PropertyPermission"
"solr.httpclient.builder.factory", "read";
  permission "java.net.SocketPermission", "localhost:8983",
"resolve,connect";
}

My application can can contact Solr without any errors.

If I change the "grant" to include a codeBase to restrict those
connections to the Solr library, I get a AccessControlException:
access denied to the system property. Here is the modified grant:


grant codeBase
"file:${catalina.base}${file.separator}webapps${file.separator}myapp${fi
le.separator}WEB-INF${file.separator}lib${file.separator}solr-solrj-7.2.
1.jar"
{
  permission "java.util.PropertyPermission"
"solr.httpclient.builder.factory", "read";
  permission "java.net.SocketPermission" "localhost:8983",
"resolve,connect";
};

I have verified that the file exists under the path specified above. I
tried both ${file.separator} and '/' as the file separator. I also
tried "jar:/path/to/jar!/-" as the codeBase. No luck.

These grants are added to the end of the stock catalina.policy file
that ships with Tomcat.

What am I missing, here?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlq0IpkdHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFj/og//dsN0nnYfal37ceL5
pEtIUtOGq87vwHRRMvTuWwxGmm5DqqfC+ZC07IWnJJt5Ap9ir8mYRiYluoCvx0yx
LdmUVEesygbhOmyLm6EX3deJ7ozaO5MkFcDx0084y/dHfx+L3mg2n/ysG/qnqoxS
69RvbQNh7ByRsDOnhlSXLc0ZSSB6L9GtE9UpgGdCdyvyBXKS5X3/XOvygJ13lHZH
lZH1/iXEUzatZtR7wSySfVdEXSx2JjSagClPmYVi4Lj4Fi9qugbwnpakT8Sr3mJx
A/lK/KLPA3NqH/T91fzZBzlmLXqZ6L5GFz2P9iOaQ+1QfcCiMktFxJ2tXzqYDQm1
g0OtE/k2Jf3+QZtpUDJ+cDzLjWdUXs/6oa0Uo37ZXTRU1wowPeX+PHsKr9aqQB+T
rx7OXTL/ZLh+bQobaQV4oyiF+mSRLZfrtI7cHoF8ZiwwsXpo4y+4CQqxzsWR6w4A
9wYV/lKecONJnwNey6JujapbcFcWmCZps5crvUyi/YNx/Rl/szdI2vWOevCJwnvQ
LgyvbNF8AglERID8bL0fT9RL9Ws5/taII3egavGBMUGi+VYu/qjY2c9unP3W7UR6
42NNGkDxQlum8M3uu3FpDMmsfcRcYzQSZ1yCEharMLzKR6zn0c4odnJpUWmVzLnO
brtsSvTBTsIlH3F7dlocMV63W+U=
=xlk2
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org