author: Endi Sukma Dewata <edewata@redhat.com> 2012-10-02 11:40:35 -0500
committer: Endi Sukma Dewata <edewata@redhat.com> 2012-10-26 23:32:31 -0500
commit: 5eab7fedf1c78610b5e030b9e07e93f32633e9ad
tree: ce99a025f5f4f7b15a594bbd84dbc90a5aed4fc9 /base/deploy
parent: 9c17ef40d7ee983e59ad009d960473611262ac40
Enabled Tomcat security manager.
The tomcat.conf and the template deployment configuration have been modified to enable the security manager. The operations script has been modified to generate a new catalina.policy from the standard Tomcat policy, the standard PKI policy and the custom policy every time the instance is started. The current catalina.policy has been changed to store a header for the dynamically generated catalina.policy. A new pki.policy has been added to store the default PKI security policy. An empty custom.policy has been added to store policy customization.

Ticket #223
Diffstat (limited to 'base/deploy')
-rw-r--r-- base/deploy/config/pkideployment.cfg | 2
-rw-r--r-- base/deploy/scripts/operations | 7
2 files changed, 8 insertions, 1 deletions
diff --git a/base/deploy/config/pkideployment.cfg b/base/deploy/config/pkideployment.cfg
index 2a62c5e7d..772d35f71 100644
--- a/base/deploy/config/pkideployment.cfg
+++ b/base/deploy/config/pkideployment.cfg
@@ -119,7 +119,7 @@ pki_https_port=8443
pki_instance_name=pki-tomcat
pki_proxy_http_port=80
pki_proxy_https_port=443
-pki_security_manager=false
+pki_security_manager=true
pki_tomcat_server_port=8005
###############################################################################
## 'CA' Data: ##
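Review bot: The default flip at `pki_security_manager=true` carries no comment saying what the setting controls or how to opt out, and this is the template deployment configuration that new instances start from. Add a one-line comment above it stating that it runs Tomcat under the Java security manager and that `false` disables it, so an administrator who hits a policy denial after deployment knows which knob is responsible.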
diff --git a/base/deploy/scripts/operations b/base/deploy/scripts/operations
index 4716e766f..be5053ba2 100644
--- a/base/deploy/scripts/operations
+++ b/base/deploy/scripts/operations
@@ -1216,6 +1216,13 @@ start_instance()
case $PKI_WEB_SERVER_TYPE in
tomcat)
+ # Generate catalina.policy dynamically.
+ cat /usr/share/pki/server/conf/catalina.policy \
+ /usr/share/tomcat/conf/catalina.policy \
+ /usr/share/pki/server/conf/pki.policy \
+ /var/lib/pki/$PKI_INSTANCE_ID/conf/custom.policy > \
+ /var/lib/pki/$PKI_INSTANCE_ID/conf/catalina.policy
+
# We must export the service name so that the systemd version
# of the tomcat init script knows which instance specific
# configuration file to source.
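Review bot: The `cat ... > /var/lib/pki/$PKI_INSTANCE_ID/conf/catalina.policy` step has no error check. The redirect truncates the target before cat runs, so if any of the four inputs is missing or unreadable the file is left partial or empty, and nothing in this hunk stops start_instance from continuing with it. Write to a temporary file in the same conf directory, test cat's exit status, and move the result into place only on success, aborting the start otherwise. The `$PKI_INSTANCE_ID` expansions should also be quoted. Since custom.policy is merged into the effective policy on every start, it is worth a comment here (or a check) that the file is writable only by the administrator.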