You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2010/06/06 18:02:31 UTC
svn commit: r951880 - in /tomcat/trunk: conf/catalina.policy
webapps/docs/security-manager-howto.xml
Author: kkolinko
Date: Sun Jun 6 16:02:30 2010
New Revision: 951880
URL: http://svn.apache.org/viewvc?rev=951880&view=rev
Log:
Rearrange tomcat-juli permissions, for better readability.
Modified:
tomcat/trunk/conf/catalina.policy
tomcat/trunk/webapps/docs/security-manager-howto.xml
Modified: tomcat/trunk/conf/catalina.policy
URL: http://svn.apache.org/viewvc/tomcat/trunk/conf/catalina.policy?rev=951880&r1=951879&r2=951880&view=diff
==============================================================================
--- tomcat/trunk/conf/catalina.policy (original)
+++ tomcat/trunk/conf/catalina.policy Sun Jun 6 16:02:30 2010
@@ -64,30 +64,35 @@ grant codeBase "file:${catalina.home}/bi
// These permissions apply to the logging API
// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
// update this section accordingly.
+// grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
- permission java.util.PropertyPermission "java.util.logging.config.class", "read";
- permission java.util.PropertyPermission "java.util.logging.config.file", "read";
- permission java.util.PropertyPermission "catalina.base", "read";
permission java.io.FilePermission
"${java.home}${file.separator}lib${file.separator}logging.properties", "read";
+
permission java.io.FilePermission
"${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
permission java.io.FilePermission
"${catalina.base}${file.separator}logs", "read, write";
permission java.io.FilePermission
"${catalina.base}${file.separator}logs${file.separator}*", "read, write";
+
permission java.lang.RuntimePermission "shutdownHooks";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setContextClassLoader";
+
permission java.util.logging.LoggingPermission "control";
- // To enable per context logging configuration, permit read access to
+ permission java.util.PropertyPermission "java.util.logging.config.class", "read";
+ permission java.util.PropertyPermission "java.util.logging.config.file", "read";
+ permission java.util.PropertyPermission "catalina.base", "read";
+
+ // Note: To enable per context logging configuration, permit read access to
// the appropriate file. Be sure that the logging configuration is
- // secure before enabling such access. E.g. for the examples web
- // application:
+ // secure before enabling such access.
+ // E.g. for the examples web application, all in one line:
// permission java.io.FilePermission "${catalina.base}${file.separator}
- // webapps${file.separator}examples${file.separator}
- // WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
+ // webapps${file.separator}examples${file.separator}WEB-INF
+ // ${file.separator}classes${file.separator}logging.properties", "read";
};
// These permissions apply to the server startup code
Modified: tomcat/trunk/webapps/docs/security-manager-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-manager-howto.xml?rev=951880&r1=951879&r2=951880&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/security-manager-howto.xml (original)
+++ tomcat/trunk/webapps/docs/security-manager-howto.xml Sun Jun 6 16:02:30 2010
@@ -230,30 +230,35 @@ grant codeBase "file:${catalina.home}/bi
// These permissions apply to the logging API
// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
// update this section accordingly.
+// grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
- permission java.util.PropertyPermission "java.util.logging.config.class", "read";
- permission java.util.PropertyPermission "java.util.logging.config.file", "read";
- permission java.util.PropertyPermission "catalina.base", "read";
permission java.io.FilePermission
"${java.home}${file.separator}lib${file.separator}logging.properties", "read";
+
permission java.io.FilePermission
"${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
permission java.io.FilePermission
"${catalina.base}${file.separator}logs", "read, write";
permission java.io.FilePermission
"${catalina.base}${file.separator}logs${file.separator}*", "read, write";
+
permission java.lang.RuntimePermission "shutdownHooks";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setContextClassLoader";
+
permission java.util.logging.LoggingPermission "control";
- // To enable per context logging configuration, permit read access to
+ permission java.util.PropertyPermission "java.util.logging.config.class", "read";
+ permission java.util.PropertyPermission "java.util.logging.config.file", "read";
+ permission java.util.PropertyPermission "catalina.base", "read";
+
+ // Note: To enable per context logging configuration, permit read access to
// the appropriate file. Be sure that the logging configuration is
- // secure before enabling such access. E.g. for the examples web
- // application:
+ // secure before enabling such access.
+ // E.g. for the examples web application, all in one line:
// permission java.io.FilePermission "${catalina.base}${file.separator}
- // webapps${file.separator}examples${file.separator}
- // WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
+ // webapps${file.separator}examples${file.separator}WEB-INF
+ // ${file.separator}classes${file.separator}logging.properties", "read";
};
// These permissions apply to the server startup code
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org