From 5eab7fedf1c78610b5e030b9e07e93f32633e9ad Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Tue, 2 Oct 2012 11:40:35 -0500 Subject: Enabled Tomcat security manager. The tomcat.conf and the template deployment configuration have been modified to enable the security manager. The operations script has been modified to generate a new catalina.policy from the standard Tomcat policy, the standard PKI policy and the custom policy every time the instance is started. The current catalina.policy has been changed to store a header for the dynamically generated catalina.policy. A new pki.policy has been added to store the default PKI security policy. An empty custom.policy has been added to store policy customization. Ticket #223 --- base/deploy/scripts/operations | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'base/deploy/scripts/operations') diff --git a/base/deploy/scripts/operations b/base/deploy/scripts/operations index 4716e766f..be5053ba2 100644 --- a/base/deploy/scripts/operations +++ b/base/deploy/scripts/operations @@ -1216,6 +1216,13 @@ start_instance() case $PKI_WEB_SERVER_TYPE in tomcat) + # Generate catalina.policy dynamically. + cat /usr/share/pki/server/conf/catalina.policy \ + /usr/share/tomcat/conf/catalina.policy \ + /usr/share/pki/server/conf/pki.policy \ + /var/lib/pki/$PKI_INSTANCE_ID/conf/custom.policy > \ + /var/lib/pki/$PKI_INSTANCE_ID/conf/catalina.policy + # We must export the service name so that the systemd version # of the tomcat init script knows which instance specific # configuration file to source. -- cgit