2017-05-09 16:59:24 +00:00
|
|
|
Index: conf/catalina.policy
|
2017-01-02 10:28:40 +00:00
|
|
|
===================================================================
|
2017-10-23 09:27:05 +00:00
|
|
|
--- conf/catalina.policy.orig
|
|
|
|
|
+++ conf/catalina.policy
|
|
|
|
|
@@ -100,6 +100,7 @@ grant codeBase "file:${catalina.home}/bi
|
2014-09-17 08:38:34 +00:00
|
|
|
// ${file.separator}classes${file.separator}logging.properties", "read";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
+
|
|
|
|
|
// These permissions apply to the server startup code
|
|
|
|
|
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
|
|
|
|
|
permission java.security.AllPermission;
|
2017-10-23 09:27:05 +00:00
|
|
|
@@ -112,7 +113,6 @@ grant codeBase "file:${catalina.home}/li
|
2014-09-17 08:38:34 +00:00
|
|
|
permission java.security.AllPermission;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
// If using a per instance lib directory, i.e. ${catalina.base}/lib,
|
|
|
|
|
// then the following permission will need to be uncommented
|
|
|
|
|
// grant codeBase "file:${catalina.base}/lib/-" {
|
2017-10-23 09:27:05 +00:00
|
|
|
@@ -167,6 +167,9 @@ grant {
|
2014-09-17 08:38:34 +00:00
|
|
|
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";
|
|
|
|
|
|
|
|
|
|
// Precompiled JSPs need access to these packages.
|
|
|
|
|
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper";
|
|
|
|
|
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.servlet";
|
|
|
|
|
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.compiler";
|
|
|
|
|
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
|
|
|
|
|
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
|
|
|
|
|
permission java.lang.RuntimePermission
|
2017-10-23 09:27:05 +00:00
|
|
|
@@ -233,6 +236,15 @@ grant codeBase "file:${catalina.home}/we
|
2014-09-17 08:38:34 +00:00
|
|
|
};
|
|
|
|
|
|
2017-10-23 09:27:05 +00:00
|
|
|
|
2014-09-17 08:38:34 +00:00
|
|
|
+// Additional basic permissions for web applications.
|
|
|
|
|
+grant codeBase "file:/usr/share/java/tomcat-servlet-api.jar" {
|
|
|
|
|
+ permission java.security.AllPermission;
|
|
|
|
|
+};
|
|
|
|
|
+
|
|
|
|
|
+grant codeBase "file:/usr/share/java/tomcat-el-api.jar" {
|
|
|
|
|
+ permission java.security.AllPermission;
|
|
|
|
|
+};
|
|
|
|
|
+
|
|
|
|
|
// You can assign additional permissions to particular web applications by
|
|
|
|
|
// adding additional "grant" entries here, based on the code base for that
|
|
|
|
|
// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
|
2017-10-23 09:27:05 +00:00
|
|
|
@@ -264,7 +276,6 @@ grant codeBase "file:${catalina.home}/we
|
2014-09-17 08:38:34 +00:00
|
|
|
// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
|
|
|
|
|
// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
|
|
|
|
|
// };
|
|
|
|
|
-
|
2017-01-02 10:28:40 +00:00
|
|
|
// To grant permissions for web applications using packed WAR files, use the
|
|
|
|
|
// Tomcat specific WAR url scheme.
|
|
|
|
|
//
|
