glenn 00/12/28 13:59:35 Modified: src/doc/uguide Tag: tomcat_32 tomcat-security.html Log: SecurityManager under unix Revision Changes Path No revision No revision 1.1.2.2 +2 -168 jakarta-tomcat/src/doc/uguide/Attic/tomcat-security.html Index: tomcat-security.html =================================================================== RCS file: /home/cvs/jakarta-tomcat/src/doc/uguide/Attic/tomcat-security.html,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- tomcat-security.html 2000/11/17 20:44:51 1.1.2.1 +++ tomcat-security.html 2000/12/28 21:59:34 1.1.2.2 @@ -1,6 +1,7 @@ <!doctype html public "-//w3c//dtd html 4.0 transitional//en"> <html> <head> + <title>Using the Java SecurityManager with Tomcat</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta name="GENERATOR" content="Mozilla/4.7 [en] (X11; I; SunOS 5.7 i86pc) [Netscape]"> </head> @@ -23,18 +24,11 @@ <a href="#permissions">Types of Permissions</a></li> <li> -<a href="#config">Configuring Tomcat for use with a SecurityManager</a></li> +<a href="tomcat-security-unix.html">Tomcat SecurityManager setup with Unix</a></li> <li> -<a href="#start">Starting Tomcat with a SecurityManager</a></li> - -<li> <a href="#violation">What happens when the SecurityManager detects a Security violation?</a></li> - -<li> -<a href="#trouble">Trouble shooting tomcat.policy configuration and Security -Violations</a></li> </ul> <h3> @@ -102,170 +96,10 @@ were running Tomcat without a SecurityManager. <br> <h3> -<a NAME="config"></a>Configuring Tomcat for use with a SecurityManager</h3> -<b>tomcat.policy</b> -<p>The security policies implemented by the Java SecurityManager are configured -in the <b>tomcat.policy </b>file located in the tomcat conf directory. -The tomcat.policy file replaces any system java.policy file. The -tomcat.policy file can be edited by hand or you can use the <b>policytool -</b>application -that comes with Java 1.2. -<p>Entries in the tomcat.policy file use the standard java.policy file -format as follows: -<table BORDER=0 > -<tr> -<td> -<pre>// Example policy file entry - -grant [signedBy <signer> [,codeBase <code source>] { - permission <class> [<name> [, <action list>]]; -};</pre> -</td> -</tr> -</table> -The <b>signedBy</b> and <b>codeBase </b>entries are optional when granting -permissions. Comment lines begin with // and end at a new line. -<p>The codeBase is in the form of a URL and for a file URL can use the -${java.home} and ${tomcat.home} properties which are expanded out to the -directory paths defined for them. -<p>Default tomcat.policy file -<table BORDER=0 > -<tr> -<td> -<pre>// Permissions for tomcat. - -// javac needs this -grant codeBase "file:${java.home}/lib/-" { - permission java.security.AllPermission; -}; - -// Tomcat gets all permissions -grant codeBase "file:${tomcat.home}/lib/-" { - permission java.security.AllPermission; -}; - -grant codeBase "file:${tomcat.home}/classes/-" { - permission java.security.AllPermission; -}; - -// Example webapp policy -// By default we grant read access on webapp dir -// and read of the line.separator PropertyPermission -grant codeBase "file:${tomcat.home}/webapps/examples" { - permission java.net.SocketPermission "localhost:1024-","listen"; - permission java.util.PropertyPermission "*","read"; -};</pre> -</td> -</tr> -</table> - -<p>Here is an example where in addition to the above, we want to grant -the examples web application the ability to connect to the localhost smtp -port so that it can send mail. -<table BORDER=0 > -<tr> -<td> -<pre>grant codeBase "file:${tomcat.home}/webapps/examples" { - permission java.net.SocketPermission "localhost:25","connect"; - permission java.net.SocketPermission "localhost:1024","listen"; - permission java.util.PropertyPermission "*","read"; -};</pre> -</td> -</tr> -</table> -Now what if we wanted to give all contexts not configured by their own -grant entry some default permissions in addition to what Tomcat assigns -by default. -<table BORDER=0 > -<tr> -<td> -<pre>grant { - permission java.net.SocketPermission "localhost:1024","listen"; - permission java.util.PropertyPermission "*","read"; -};</pre> -</td> -</tr> -</table> -Finally, a more complex tomcat.policy file. In this case we are using -Tomcat as an app server for a number of remote web servers. We want -to limit what remote web servers can connect to Tomcat by using the Java -SecurityManager. -<br> -<table BORDER=0 > -<tr> -<td> -<pre>// Permissions for tomcat. -// javac needs this -grant codeBase "file:${java.home}/lib/-" { - permission java.security.AllPermission; -}; - -// Tomcat with IP filtering -grant codeBase "file:${tomcat.home}/lib/-" { - // Tomcat should be able to read/write all properties - permission java.util.PropertyPermission "*","read,write"; - // Tomcat needs to be able to read files in its own directory - permission java.io.FilePermission "${tomcat.home}/-","read"; - // Tomcat has to be able to write its logs - permission java.io.FilePermission "${tomcat.home}/logs/-","read,write"; - // Tomcat has to be able to write to the conf directory - permission java.io.FilePermission "${tomcat.home}/conf/-","read,write"; - // Tomcat has to be able to compile JSP's - permission java.io.FilePermission "${tomcat.home}/work/-","read,write,delete"; - // Tomcat needs all the RuntimePermission's - permission java.lang.RuntimePermission "*"; - // Needed so Tomcat can set security policy for a Context - permission java.security.SecurityPermission "*"; - // Needed so that Tomcat will accept connections from a remote web server - // Replace XXX.XXX.XXX.XXX with the IP address of the remote web server - permission java.net.SocketPermission "XXX.XXX.XXX.XXX:1024-","accept,listen,resolve"; - // Tomcat has to be able to use its port on the localhost - permission java.net.SocketPermission "localhost:1024-","connect,accept,listen,resolve"; -}; - -// Example webapp policy -// By default we grant read access on webapp dir -// and read of the line.separator PropertyPermission -grant codeBase "file:${tomcat.home}/webapps/examples" { - permission java.net.SocketPermission "localhost:1024-","listen"; - permission java.util.PropertyPermission "*","read"; -};</pre> -</td> -</tr> -</table> - -<p><b>server.xml</b> -<p>Uncomment out the entry in server.xml for the ContextInterceptor which -defines the class named PolicyInterceptor. -<br> -<h3> -<a NAME="start"></a>Starting Tomcat with a SecurityManager</h3> -Once you have configured the tomcat.policy and server.xml files for use -with a SecurityManager, Tomcat can be started with the SecurityManager -in place by using the "-security" option to bin/startup.bat or bin/startup.sh. -<br> -<h3> <a NAME="violation"></a>What happens when the SecurityManager detects a Security violation?</h3> The JVM will throw an AccessControlException or a SecurityException when the SecurityManager detects a security policy violation. -<br> -<h2> -<a NAME="trouble"></a>Trouble shooting tomcat.policy configuration and -Security Violations</h2> -<b>JSP Compile using JVM internal javac fails with AccessControlException -for RuntimePermission accessClassInPackage sun.tools.javac.</b> -<p>Check your JAVA_HOME/jre/lib/security/java.security file configuration. -Comment out the line "package.access=sun.". -<p><b>JSP Compile using JVM internal javac fails with AccessControlException -for FilePermission read of tomcat work directory.</b> -<p>Try defining an absolute path for the codeBase needed in the policy -grant for java itself instead of the ${java.home} property. -<p> -<pre>// javac needs this -grant codeBase "file:/usr/java/lib/-" { - permission java.security.AllPermission; -};</pre> <br> </body> </html>