| author | jdennis <jdennis@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-11-19 20:59:02 +0000 |
|---|---|---|
| committer | jdennis <jdennis@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-11-19 20:59:02 +0000 |
| commit | 82640e61e5dc7eda3d9d7b879cc1f97a95a04115 (patch) | |
| tree | 4532bd113bb2b827dc63c1b42e03f23d859a9c41 /pki/base/silent/src/http/HTTPClient.java | |
| parent | 0ca3e9920583cece5bbafe9b1a5ecadfebd05c72 (diff) | |
Allow tomcat to traverse symbolic links

Tomcat by default will not read symbolic links under the WEB-INF
directory. This can be overridden by setting the context parameter
allowLinking to True.

We want to symlink to the jars and not copy them because otherwise
when rpms containing the jars are updated with bug fixes or security
fixes we won't benefit from them if we've made private copies of the
jars in the instance. The reason why allowLinking defaults to False is
motivated by security concerns on untrusted web applications. Also
you'll often see in tomcat documentation the recommendation that all
necessary jars are copied into the WAR, this recommendation derives
from deploying a web app on a random server where the presence or
absence of a jar or a specific version of a jar can't be
guaranteed. However, that is not our situation, we're not deploying a
WAR on random servers, our tomcat instance is quite controlled and
we'll never deploy unknown/untrusted web applications from it. The use
of symbolic links in this context should be safe and the value in
picking up rpm updates is so important that it justifies the use of
symbolic links in our controlled deployment.

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1569 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/silent/src/http/HTTPClient.java')
0 files changed, 0 insertions, 0 deletions
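
The commit message above rests its safety argument on every link under WEB-INF pointing at package-owned jars. The following check for that property is an added example, not code from this commit or from the PKI project. The function names, the status labels and the sample directory tree are hypothetical and constructed for illustration; the trusted root would be whatever directory the rpms install jars into.

```python
import os
import tempfile

def audit_webinf_lib(lib_dir, trusted_roots):
    """Classify each entry of a WEB-INF/lib directory.

    Returns {name: status}; status is 'ok', 'private-copy',
    'dangling' or 'outside-trusted-root'.
    """
    roots = [os.path.realpath(r) for r in trusted_roots]
    report = {}
    for name in sorted(os.listdir(lib_dir)):
        path = os.path.join(lib_dir, name)
        if not os.path.islink(path):
            # Not a link: a private copy that package updates never reach.
            report[name] = "private-copy"
            continue
        target = os.path.realpath(path)  # resolves the whole chain of links
        if not os.path.exists(target):
            report[name] = "dangling"
        elif any(os.path.commonpath([target, r]) == r for r in roots):
            report[name] = "ok"
        else:
            report[name] = "outside-trusted-root"
    return report

def build_sample_tree(base):
    """Constructed layout: package jar dir, instance lib dir, unrelated dir."""
    jars = os.path.join(base, "usr_share_java")      # stands in for the rpm jar dir
    lib = os.path.join(base, "instance", "WEB-INF", "lib")
    stray = os.path.join(base, "elsewhere")
    for d in (jars, lib, stray):
        os.makedirs(d)
    for d, f in ((jars, "a.jar"), (stray, "unknown.jar"), (lib, "copied.jar")):
        open(os.path.join(d, f), "wb").close()
    os.symlink(os.path.join(jars, "a.jar"), os.path.join(lib, "a.jar"))
    os.symlink(os.path.join(stray, "unknown.jar"), os.path.join(lib, "b.jar"))
    os.symlink(os.path.join(jars, "gone.jar"), os.path.join(lib, "c.jar"))
    return lib, jars

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        lib, jars = build_sample_tree(base)
        for name, status in audit_webinf_lib(lib, [jars]).items():
            print(f"{status:22} {name}")
```
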
