cvs commit: jakarta-tomcat-catalina/catalina/src/conf catalina.properties

Sun, 03 Nov 2002 21:35:41 -0800 

jfarcand    2002/11/03 21:33:50

  Modified:    catalina/src/conf catalina.properties
  Log:
  Use the catalina.properties file to customize the package protection/access. This 
new security m
  echanism enable the customization, at runtime, of which package should be protected.
  
  the following package will be protected by default:
  
  o.a.catalina
  o.a.jasper(*)
  o.a.coyote
  o.a.tomcat.util
  
  (*) Tomcat 5 is broken when a JSP use a class from jsp20el.jar and when the 
SecurityManager is t
  urned on. Even if you remove all the protection, Tomcat fail to properly runs the 
example.
  
  o.a.coyote.tomcat5 has been securized in order to support package protection.
  
  Revision  Changes    Path
  1.4       +3 -2      jakarta-tomcat-catalina/catalina/src/conf/catalina.properties
  
  Index: catalina.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/conf/catalina.properties,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- catalina.properties       4 Nov 2002 05:12:56 -0000       1.3
  +++ catalina.properties       4 Nov 2002 05:33:50 -0000       1.4
  @@ -4,7 +4,7 @@
   # passed to checkPackageAccess unless the
   # corresponding RuntimePermission ("accessClassInPackage."+package) has
   # been granted.
  
-package.access=sun.,org.apache.catalina.,org.apache.jasper.,org.apache.coyote.,org.apache.tomcat.,org.apache.jsp.
  
+package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.compiler.,org.apache.jasper.core.,org.apache.jasper.logging.,org.apache.jasper.resources.,org.apache.jasper.servlet.,org.apache.jasper.util.,org.apache.jasper.xmlparser
   
   #
   # List of comma-separated packages that start with or equal this string
  @@ -16,8 +16,9 @@
   # by default, no packages are restricted for definition, and none of
   # the class loaders supplied with the JDK call checkPackageDefinition.
   #
  
-package.definition=sun.,java.,org.apache.catalina.,org.apache.jasper.,org.apache.coyote.,org.apache.tomcat.,org.apache.jsp
  
+package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.compiler.,org.apache.jasper.core.,org.apache.jasper.logging.,org.apache.jasper.resources.,org.apache.jasper.servlet.,org.apache.jasper.util.,org.apache.jasper.xmlparser
   
  +#
   #
   # List of comma-separated paths defining the contents of the "common" 
   # classloader. Prefixes should be used to define what is the repository type.
  
  
  

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>

Reply via email to