Any one there to help me on this ?
Regards, Sanaullah ---------- Forwarded message ---------- From: Sanaullah <sanaulla...@gmail.com> Date: Fri, Feb 13, 2015 at 10:48 PM Subject: singed code deployment To: Tomcat Users List <users@tomcat.apache.org> Hi, I have signed the ear package using jar signer and start the tomee using ./startup.sh -security and also edit the catalina.policy file looks below. I am confused here, how code sign verification process is done? if the code sign certificate is not the truststore still the tomcat server will start? or it stops booting the application? I haven't seen anything in the log related to code sign, how can i verify this ? grant signedBy "codesigntest", codeBase "file:${catalina.base}/webapps/manager/-" { permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util"; }; grant signedBy "codesigntest", codeBase "file:${catalina.home}/webapps/manager/-" { permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util"; }; grant signedBy "codesigntest", codeBase "file:${catalina.home}/apps/ams_ear/ams_ear.ear" { permission java.security.AllPermission; }; grant signedBy "codesigntest", codeBase "file:${catalina.home}/apps/ams_ear/*" { permission java.security.AllPermission; }; Regards, Sanaullah