Hi Hoani,

This is useful, would be nice to put it somewhere on 
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationTomcat

Thanks
-Vincent

On May 27, 2013, at 9:25 AM, Hoani Cross <hoani.cr...@globotraders.com> wrote:

> Hi,
> 
> I wanted to get SecurityManager properly activated for running xwiki 5.0.1
> and after hours of testing, I got this version of the catalina.policy that
> seems to work properly :
> 
> grant codeBase "file:${catalina.base}/webapps/xwiki/WEB-INF/lib/-" {
>  permission java.util.PropertyPermission "*", "read, write";
> // Needed by Hibernate and others
>  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
>  permission java.lang.RuntimePermission "createClassLoader";
>  permission java.lang.RuntimePermission "setContextClassLoader";
>  permission java.net.SocketPermission "127.0.0.1:3306", "connect,resolve";
>  permission java.lang.RuntimePermission
> "accessClassInPackage.org.apache.catalina.loader";
>  permission javax.management.MBeanServerPermission "createMBeanServer";
>  permission javax.management.MBeanPermission "*", "registerMBean";
>  permission javax.management.MBeanPermission "*", "unregisterMBean";
>  permission javax.management.MBeanTrustPermission "register";
>  permission java.lang.RuntimePermission "accessDeclaredMembers";
>  permission java.lang.RuntimePermission "getenv.ProgramFiles";
>  permission java.lang.RuntimePermission "getenv.APPDATA";
>  permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
>  permission java.lang.RuntimePermission "getClassLoader";
>  permission java.lang.RuntimePermission
> "accessClassInPackage.org.apache.catalina.connector";
>  permission javax.xml.bind.JAXBPermission "setDatatypeConverter";
>  permission java.io.FilePermission
> "/opt/openoffice.org3/program/soffice.bin", "read";
>  permission java.io.FilePermission "/opt/libreoffice/program/soffice.bin",
> "read";
>  permission java.io.FilePermission
> "/usr/lib/openoffice/program/soffice.bin", "read";
>  permission java.io.SerializablePermission "allowSerializationReflection";
>  permission java.lang.RuntimePermission "reflectionFactoryAccess";
>  permission java.io.SerializablePermission "creator";
>  permission java.io.FilePermission
> "/usr/lib/libreoffice/program/soffice.bin", "read";
>  permission java.lang.RuntimePermission
> "accessClassInPackage.com.sun.jmx.interceptor";
>  permission java.lang.RuntimePermission
> "accessClassInPackage.com.sun.jmx.mbeanserver";
>  permission javax.management.MBeanPermission "-#-[-]", "queryNames";
>  permission javax.management.MBeanServerPermission "findMBeanServer";
>  permission java.io.FilePermission "synonyms.txt", "read";
>  permission java.io.FilePermission "lang/synonyms_en.txt", "read";
>  permission java.lang.RuntimePermission "modifyThread";
>  permission java.lang.RuntimePermission "getProtectionDomain";
>  permission java.io.FilePermission "quartz.properties", "read";
>  permission java.io.FilePermission "/templates/-", "read";
>  permission java.io.FilePermission "/skins/-", "read";
>  permission java.io.FilePermission "/resources/-", "read";
>  permission java.io.SerializablePermission "enableSubclassImplementation";
> 
> //Allow file storage directory reading - for directory and everything
> underneath
> //This is dependent on the setting of environment.permanentDirectory in
> xwiki.properties
> permission java.io.FilePermission
> "${catalina.base}${file.separator}xwikidata${file.separator}",
> "read,write,delete";
> permission java.io.FilePermission
> "${catalina.base}${file.separator}xwikidata${file.separator}-",
> "read,write,delete";
> //Allow file storage directory reading - temporary directory and everything
> underneath
> //This is dependent on the setting of environment.temporaryDirectory in
> xwiki.properties.
> permission java.io.FilePermission
> "${catalina.base}${file.separator}temp${file.separator}",
> "read,write,delete";
> permission java.io.FilePermission
> "${catalina.base}${file.separator}temp${file.separator}-",
> "read,write,delete";
> };
> 
> Hope it would help.
> 
> Hoani CROSS
> Globotraders Tahiti Founder [http://globotraders-tahiti.com]
_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users

Reply via email to