Posted to dev@tomee.apache.org by san82 <sa...@gmail.com> on 2015/02/26 08:35:27 UTC

signed ear package verification issue

Hi,

I have signed the EAR package using jarsigner, started TomEE using
./startup.sh -security, and also edited catalina.policy. I am using TomEE
2.0, as a bug for the security policy has already been reported against
TomEE 1.6 (TOMEE-1267). My configuration file looks like the one below.

I am confused here: how is the code sign verification process done? If the
code sign certificate is not in the truststore, the Tomcat server still
starts without any error. Can someone tell me what the behavior of the
server would be when the package is deployed as signed and the certificate
is not present in the truststore? Also, when we enable the signedBy option,
can the server boot up without the signed EAR package?

I haven't seen anything in the log related to code signing. How can I verify
this?
 
grant signedBy "codesigntest", codeBase
"file:${catalina.base}/webapps/manager/-" {
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.ha.session";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.manager";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.manager.util";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.util";
};
grant signedBy "codesigntest", codeBase
"file:${catalina.home}/webapps/manager/-" {
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.ha.session";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.manager";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.manager.util";
    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.util";
};

grant signedBy "codesigntest", codeBase
"file:${catalina.home}/apps/ams_ear/ams_ear.ear" {
  permission java.security.AllPermission;
};

 grant signedBy "codesigntest", codeBase
"file:${catalina.home}/apps/ams_ear/*" {
  permission java.security.AllPermission;
 };

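For the "how can I verify this?" question above, one way to check outside the server whether every entry of an archive verifies and was signed by the certificate stored under a given keystore alias, using the standard java.util.jar API. This is an added example, not part of the original post and not TomEE code; the class name CheckSigners, the argument order, and a keystore readable as the JVM's default keystore type are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Hypothetical helper. Usage: java CheckSigners <archive> <keystore> <storepass> <alias>
public class CheckSigners {
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[1])) {
            ks.load(in, args[2].toCharArray());
        }
        // null here means the alias named in signedBy has no certificate in this keystore
        Certificate expected = ks.getCertificate(args[3]);
        System.out.println("alias '" + args[3] + "' in keystore: " + (expected != null));

        int matched = 0, unsigned = 0, otherSigner = 0;
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(args[0], true)) {   // true = verify signatures
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                String n = e.getName().toUpperCase();
                // Directories, the manifest and the signature files are never signed themselves
                if (e.isDirectory() || n.matches("META-INF/(MANIFEST\\.MF|[^/]+\\.(SF|RSA|DSA|EC))")) continue;
                // Signers are only known once the entry is fully read; a modified
                // entry makes read() throw SecurityException (digest mismatch)
                try (InputStream is = jar.getInputStream(e)) {
                    while (is.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null) { unsigned++; System.out.println("UNSIGNED " + e.getName()); continue; }
                boolean ok = false;
                for (CodeSigner s : signers) {
                    // First certificate in the path is the signer's own certificate
                    Certificate leaf = s.getSignerCertPath().getCertificates().get(0);
                    if (leaf.equals(expected)) ok = true;
                }
                if (ok) matched++; else { otherSigner++; System.out.println("OTHER SIGNER " + e.getName()); }
            }
        }
        System.out.printf("matched=%d unsigned=%d otherSigner=%d%n", matched, unsigned, otherSigner);
        if (expected == null || unsigned > 0 || otherSigner > 0) System.exit(1);
    }
}
```

Archives nested inside the EAR are checked only as signed entries of the outer file; their own contents are not opened.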