diff options
Diffstat (limited to 'base/kra/shared')
-rw-r--r-- | base/kra/shared/conf/catalina.policy | 184 | ||||
-rw-r--r-- | base/kra/shared/conf/catalina.properties | 87 |
2 files changed, 0 insertions, 271 deletions
diff --git a/base/kra/shared/conf/catalina.policy b/base/kra/shared/conf/catalina.policy deleted file mode 100644 index cf8302cd0..000000000 --- a/base/kra/shared/conf/catalina.policy +++ /dev/null @@ -1,184 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// Copyright (C) 2006-2010 Red Hat, Inc. -// All rights reserved. -// Modifications: configuration parameters -// --- END COPYRIGHT BLOCK --- - -// Licensed to the Apache Software Foundation (ASF) under one or more -// contributor license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright ownership. -// The ASF licenses this file to You under the Apache License, Version 2.0 -// (the "License"); you may not use this file except in compliance with -// the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// ============================================================================ -// catalina.corepolicy - Security Policy Permissions for Tomcat 6 -// -// This file contains a default set of security policies to be enforced (by the -// JVM) when Catalina is executed with the "-security" option. In addition -// to the permissions granted here, the following additional permissions are -// granted to the codebase specific to each web application: -// -// * Read access to the document root directory -// -// $Id$ -// ============================================================================ - - -// ========== SYSTEM CODE PERMISSIONS ========================================= - - -// These permissions apply to javac -grant codeBase "file:${java.home}/lib/-" { - permission java.security.AllPermission; -}; - -// These permissions apply to all shared system extensions -grant codeBase "file:${java.home}/jre/lib/ext/-" { - permission java.security.AllPermission; -}; - -// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre -grant codeBase "file:${java.home}/../lib/-" { - permission java.security.AllPermission; -}; - -// These permissions apply to all shared system extensions when -// ${java.home} points at $JAVA_HOME/jre -grant codeBase "file:${java.home}/lib/ext/-" { - permission java.security.AllPermission; -}; - - -// ========== CATALINA CODE PERMISSIONS ======================================= - - -// These permissions apply to the daemon code -grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" { - permission java.security.AllPermission; -}; - -// These permissions apply to the logging API -grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { - permission java.util.PropertyPermission "java.util.logging.config.class", "read"; - permission java.util.PropertyPermission "java.util.logging.config.file", "read"; - permission java.io.FilePermission "${java.home}${file.separator}lib${file.separator}logging.properties", "read"; - permission java.lang.RuntimePermission "shutdownHooks"; - permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read"; - permission java.util.PropertyPermission "catalina.base", "read"; - permission java.util.logging.LoggingPermission "control"; - permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write"; - permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write"; - permission java.lang.RuntimePermission "getClassLoader"; - // To enable per context logging configuration, permit read access to the appropriate file. - // Be sure that the logging configuration is secure before enabling such access - // eg for the examples web application: - // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read"; -}; - -// These permissions apply to the server startup code -grant codeBase "file:${catalina.home}/bin/bootstrap.jar" { - permission java.security.AllPermission; -}; - -// These permissions apply to the servlet API classes -// and those that are shared across all class loaders -// located in the "lib" directory -grant codeBase "file:${catalina.home}/lib/-" { - permission java.security.AllPermission; -}; - - -// ========== WEB APPLICATION PERMISSIONS ===================================== - - -// These permissions are granted by default to all web applications -// In addition, a web application will be given a read FilePermission -// and JndiPermission for all files and directories in its document root. -grant { - // Required for JNDI lookup of named JDBC DataSource's and - // javamail named MimePart DataSource used to send mail - permission java.util.PropertyPermission "java.home", "read"; - permission java.util.PropertyPermission "java.naming.*", "read"; - permission java.util.PropertyPermission "javax.sql.*", "read"; - - // OS Specific properties to allow read access - permission java.util.PropertyPermission "os.name", "read"; - permission java.util.PropertyPermission "os.version", "read"; - permission java.util.PropertyPermission "os.arch", "read"; - permission java.util.PropertyPermission "file.separator", "read"; - permission java.util.PropertyPermission "path.separator", "read"; - permission java.util.PropertyPermission "line.separator", "read"; - - // JVM properties to allow read access - permission java.util.PropertyPermission "java.version", "read"; - permission java.util.PropertyPermission "java.vendor", "read"; - permission java.util.PropertyPermission "java.vendor.url", "read"; - permission java.util.PropertyPermission "java.class.version", "read"; - permission java.util.PropertyPermission "java.specification.version", "read"; - permission java.util.PropertyPermission "java.specification.vendor", "read"; - permission java.util.PropertyPermission "java.specification.name", "read"; - - permission java.util.PropertyPermission "java.vm.specification.version", "read"; - permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; - permission java.util.PropertyPermission "java.vm.specification.name", "read"; - permission java.util.PropertyPermission "java.vm.version", "read"; - permission java.util.PropertyPermission "java.vm.vendor", "read"; - permission java.util.PropertyPermission "java.vm.name", "read"; - - // Required for OpenJMX - permission java.lang.RuntimePermission "getAttribute"; - - // Allow read of JAXP compliant XML parser debug - permission java.util.PropertyPermission "jaxp.debug", "read"; - - // Precompiled JSPs need access to this package. - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*"; - - // Precompiled JSPs need access to this system property. - permission java.util.PropertyPermission "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read"; - -}; - - -// You can assign additional permissions to particular web applications by -// adding additional "grant" entries here, based on the code base for that -// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files. -// -// Different permissions can be granted to JSP pages, classes loaded from -// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/ -// directory, or even to individual jar files in the /WEB-INF/lib/ directory. -// -// For instance, assume that the standard "examples" application -// included a JDBC driver that needed to establish a network connection to the -// corresponding database and used the scrape taglib to get the weather from -// the NOAA web server. You might create a "grant" entries like this: -// -// The permissions granted to the context root directory apply to JSP pages. -// grant codeBase "file:${catalina.home}/webapps/examples/-" { -// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; -// permission java.net.SocketPermission "*.noaa.gov:80", "connect"; -// }; -// -// The permissions granted to the context WEB-INF/classes directory -// grant codeBase "file:${catalina.home}/webapps/examples/WEB-INF/classes/-" { -// }; -// -// The permission granted to your JDBC driver -// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/-" { -// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; -// }; -// The permission granted to the scrape taglib -// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar!/-" { -// permission java.net.SocketPermission "*.noaa.gov:80", "connect"; -// }; - diff --git a/base/kra/shared/conf/catalina.properties b/base/kra/shared/conf/catalina.properties deleted file mode 100644 index 70cb7c05e..000000000 --- a/base/kra/shared/conf/catalina.properties +++ /dev/null @@ -1,87 +0,0 @@ -# --- BEGIN COPYRIGHT BLOCK --- -# Copyright (C) 2006-2010 Red Hat, Inc. -# All rights reserved. -# Modifications: configuration parameters -# --- END COPYRIGHT BLOCK --- - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageAccess unless the -# corresponding RuntimePermission ("accessClassInPackage."+package) has -# been granted. -package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.,sun.beans. -# -# List of comma-separated packages that start with or equal this string -# will cause a security exception to be thrown when -# passed to checkPackageDefinition unless the -# corresponding RuntimePermission ("defineClassInPackage."+package) has -# been granted. -# -# by default, no packages are restricted for definition, and none of -# the class loaders supplied with the JDK call checkPackageDefinition. -# -package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper. - -# -# -# List of comma-separated paths defining the contents of the "common" -# classloader. Prefixes should be used to define what is the repository type. -# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute. -# If left as blank,the JVM system loader will be used as Catalina's "common" -# loader. -# Examples: -# "foo": Add this folder as a class repository -# "foo/*.jar": Add all the JARs of the specified folder as class -# repositories -# "foo/bar.jar": Add bar.jar as a class repository -common.loader=${catalina.home}/lib,${catalina.home}/lib/*.jar,[TOMCAT_INSTANCE_COMMON_LIB] - -# -# List of comma-separated paths defining the contents of the "server" -# classloader. Prefixes should be used to define what is the repository type. -# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute. -# If left as blank, the "common" loader will be used as Catalina's "server" -# loader. -# Examples: -# "foo": Add this folder as a class repository -# "foo/*.jar": Add all the JARs of the specified folder as class -# repositories -# "foo/bar.jar": Add bar.jar as a class repository -server.loader= - -# -# List of comma-separated paths defining the contents of the "shared" -# classloader. Prefixes should be used to define what is the repository type. -# Path may be relative to the CATALINA_BASE path or absolute. If left as blank, -# the "common" loader will be used as Catalina's "shared" loader. -# Examples: -# "foo": Add this folder as a class repository -# "foo/*.jar": Add all the JARs of the specified folder as class -# repositories -# "foo/bar.jar": Add bar.jar as a class repository -# Please note that for single jars, e.g. bar.jar, you need the URL form -# starting with file:. -shared.loader= - -# -# String cache configuration. -tomcat.util.buf.StringCache.byte.enabled=true -#tomcat.util.buf.StringCache.char.enabled=true -#tomcat.util.buf.StringCache.trainThreshold=500000 -#tomcat.util.buf.StringCache.cacheSize=5000 |