// --- BEGIN COPYRIGHT BLOCK ---
// Copyright (C) 2012 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---

// ============================================================================
// pki.policy - Default Security Policy Permissions for PKI on Tomcat 7
//
// This file contains a default set of security policies for PKI running inside
// Tomcat 7.
// ============================================================================

grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources";
};

grant codeBase "file:${catalina.base}/bin/bootstrap.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:${catalina.base}/lib/-" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/lib/java/jss4.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/lib64/java/jss4.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/commons-codec.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/apache-commons-collections.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/apache-commons-lang.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/apache-commons-logging.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/ecj.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/eclipse/-" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/glassfish-jsp.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/httpcomponents/httpclient.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/httpcomponents/httpcore.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/javassist.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/jaxb-api.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/jaxme/jaxmeapi.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/jaxp_parser_impl.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/jboss-web.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/jettison.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/ldapjdk.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/log4j.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/resteasy/jaxrs-api.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/resteasy/resteasy-atom-provider.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/resteasy/resteasy-jaxb-provider.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/resteasy/resteasy-jaxrs.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/resteasy/resteasy-jettison-provider.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/resteasy-base/jaxrs-api.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/resteasy-base/resteasy-atom-provider.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/resteasy-base/resteasy-jaxb-provider.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/resteasy-base/resteasy-jaxrs.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/resteasy-base/resteasy-jettison-provider.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/scannotation.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/servlet.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/tomcat/-" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/tomcat7jss.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/tomcat-el-api.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/tomcat-servlet-api.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/velocity.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/xerces-j2.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/xml-commons-apis.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/xml-commons-resolver.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/java/pki/-" {
        permission java.security.AllPermission;
};

grant codeBase "file:${catalina.base}/webapps/pki/-" {
        permission java.security.AllPermission;
};

grant codeBase "file:${catalina.base}/webapps/ca/-" {
        permission java.security.AllPermission;
};

grant codeBase "file:${catalina.base}/webapps/kra/-" {
        permission java.security.AllPermission;
};

grant codeBase "file:${catalina.base}/webapps/ocsp/-" {
        permission java.security.AllPermission;
};

grant codeBase "file:${catalina.base}/webapps/tks/-" {
        permission java.security.AllPermission;
};

grant codeBase "file:${catalina.base}/webapps/ROOT/-" {
        permission java.security.AllPermission;
};