This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new a0e53eb383 Remove support for starting Tomcat under a SecurityManager.
a0e53eb383 is described below

commit a0e53eb383632d7fd468dc6ef1b8e11bd34ee3d0
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jan 11 19:08:47 2023 +0000

    Remove support for starting Tomcat under a SecurityManager.
---
 bin/catalina.bat                        |  25 ---
 bin/catalina.sh                         |  93 +++--------
 conf/catalina.policy                    | 263 --------------------------------
 webapps/docs/changelog.xml              |   3 +
 webapps/docs/class-loader-howto.xml     |   9 --
 webapps/docs/index.xml                  |   4 -
 webapps/docs/project.xml                |  56 ++++---
 webapps/docs/security-manager-howto.xml | 256 -------------------------------
 8 files changed, 50 insertions(+), 659 deletions(-)

diff --git a/bin/catalina.bat b/bin/catalina.bat
index 824773b460..ce73b88044 100755
--- a/bin/catalina.bat
+++ b/bin/catalina.bat
@@ -204,7 +204,6 @@ set "JSSE_OPTS=-Djdk.tls.ephemeralDHKeySize=2048"
 set "JAVA_OPTS=%JAVA_OPTS% %JSSE_OPTS%"
 
 rem Register custom URL handlers
-rem Do this here so custom URL handles (specifically 'war:...') can be used in 
the security policy
 set "JAVA_OPTS=%JAVA_OPTS% 
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources"
 
 if not "%CATALINA_LOGGING_CONFIG%" == "" goto noJuliConfig
@@ -241,7 +240,6 @@ echo Using CATALINA_OPTS:   "%CATALINA_OPTS%"
 set _EXECJAVA=%_RUNJAVA%
 set MAINCLASS=org.apache.catalina.startup.Bootstrap
 set ACTION=start
-set SECURITY_POLICY_FILE=
 set DEBUG_OPTS=
 set JPDA=
 
@@ -272,12 +270,9 @@ if ""%1"" == ""version"" goto doVersion
 echo Usage:  catalina ( commands ... )
 echo commands:
 echo   debug             Start Catalina in a debugger
-echo   debug -security   Debug Catalina with a security manager
 echo   jpda start        Start Catalina under JPDA debugger
 echo   run               Start Catalina in the current window
-echo   run -security     Start in the current window with security manager
 echo   start             Start Catalina in a separate window
-echo   start -security   Start in a separate window with security manager
 echo   stop              Stop Catalina
 echo   configtest        Run a basic syntax check on server.xml
 echo   version           What version of tomcat are you running?
@@ -287,28 +282,16 @@ goto end
 shift
 set _EXECJAVA=%_RUNJDB%
 set DEBUG_OPTS=-sourcepath "%CATALINA_HOME%\..\..\java"
-if not ""%1"" == ""-security"" goto execCmd
-shift
-echo Using Security Manager
-set "SECURITY_POLICY_FILE=%CATALINA_BASE%\conf\catalina.policy"
 goto execCmd
 
 :doRun
 shift
-if not ""%1"" == ""-security"" goto execCmd
-shift
-echo Using Security Manager
-set "SECURITY_POLICY_FILE=%CATALINA_BASE%\conf\catalina.policy"
 goto execCmd
 
 :doStart
 shift
 if "%TITLE%" == "" set TITLE=Tomcat
 set _EXECJAVA=start "%TITLE%" %_RUNJAVA%
-if not ""%1"" == ""-security"" goto execCmd
-shift
-echo Using Security Manager
-set "SECURITY_POLICY_FILE=%CATALINA_BASE%\conf\catalina.policy"
 goto execCmd
 
 :doStop
@@ -340,18 +323,10 @@ goto setArgs
 
 rem Execute Java with the applicable properties
 if not "%JPDA%" == "" goto doJpda
-if not "%SECURITY_POLICY_FILE%" == "" goto doSecurity
 %_EXECJAVA% %CATALINA_LOGGING_CONFIG% %LOGGING_MANAGER% %JAVA_OPTS% 
%CATALINA_OPTS% %DEBUG_OPTS% -classpath "%CLASSPATH%" 
-Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" 
-Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
 goto end
-:doSecurity
-%_EXECJAVA% %CATALINA_LOGGING_CONFIG% %LOGGING_MANAGER% %JAVA_OPTS% 
%CATALINA_OPTS% %DEBUG_OPTS% -classpath "%CLASSPATH%" -Djava.security.manager 
-Djava.security.policy=="%SECURITY_POLICY_FILE%" 
-Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" 
-Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
-goto end
 :doJpda
-if not "%SECURITY_POLICY_FILE%" == "" goto doSecurityJpda
 %_EXECJAVA% %CATALINA_LOGGING_CONFIG% %LOGGING_MANAGER% %JAVA_OPTS% 
%JPDA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -classpath "%CLASSPATH%" 
-Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" 
-Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
 goto end
-:doSecurityJpda
-%_EXECJAVA% %CATALINA_LOGGING_CONFIG% %LOGGING_MANAGER% %JAVA_OPTS% 
%JPDA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -classpath "%CLASSPATH%" 
-Djava.security.manager -Djava.security.policy=="%SECURITY_POLICY_FILE%" 
-Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" 
-Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
-goto end
 
 :end
diff --git a/bin/catalina.sh b/bin/catalina.sh
index a15accbdb5..d987738b27 100755
--- a/bin/catalina.sh
+++ b/bin/catalina.sh
@@ -252,7 +252,6 @@ fi
 JAVA_OPTS="$JAVA_OPTS $JSSE_OPTS"
 
 # Register custom URL handlers
-# Do this here so custom URL handles (specifically 'war:...') can be used in 
the security policy
 JAVA_OPTS="$JAVA_OPTS 
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources"
 
 # Set juli LogManager config file if it is present and an override has not 
been issued
@@ -339,55 +338,24 @@ if [ "$1" = "debug" ] ; then
     exit 1
   else
     shift
-    if [ "$1" = "-security" ] ; then
-      if [ $have_tty -eq 1 ]; then
-        echo "Using Security Manager"
-      fi
-      shift
-      eval exec "\"$_RUNJDB\"" "\"$CATALINA_LOGGING_CONFIG\"" $LOGGING_MANAGER 
"$JAVA_OPTS" "$CATALINA_OPTS" \
-        -classpath "$CLASSPATH" \
-        -sourcepath "$CATALINA_HOME"/../../java \
-        -Djava.security.manager \
-        -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
-        -Dcatalina.base="$CATALINA_BASE" \
-        -Dcatalina.home="$CATALINA_HOME" \
-        -Djava.io.tmpdir="$CATALINA_TMPDIR" \
-        org.apache.catalina.startup.Bootstrap "$@" start
-    else
-      eval exec "\"$_RUNJDB\"" "\"$CATALINA_LOGGING_CONFIG\"" $LOGGING_MANAGER 
"$JAVA_OPTS" "$CATALINA_OPTS" \
-        -classpath "$CLASSPATH" \
-        -sourcepath "$CATALINA_HOME"/../../java \
-        -Dcatalina.base="$CATALINA_BASE" \
-        -Dcatalina.home="$CATALINA_HOME" \
-        -Djava.io.tmpdir="$CATALINA_TMPDIR" \
-        org.apache.catalina.startup.Bootstrap "$@" start
-    fi
+    eval exec "\"$_RUNJDB\"" "\"$CATALINA_LOGGING_CONFIG\"" $LOGGING_MANAGER 
"$JAVA_OPTS" "$CATALINA_OPTS" \
+      -classpath "$CLASSPATH" \
+      -sourcepath "$CATALINA_HOME"/../../java \
+      -Dcatalina.base="$CATALINA_BASE" \
+      -Dcatalina.home="$CATALINA_HOME" \
+      -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+      org.apache.catalina.startup.Bootstrap "$@" start
   fi
 
 elif [ "$1" = "run" ]; then
 
   shift
-  if [ "$1" = "-security" ] ; then
-    if [ $have_tty -eq 1 ]; then
-      echo "Using Security Manager"
-    fi
-    shift
-    eval exec "\"$_RUNJAVA\"" "\"$CATALINA_LOGGING_CONFIG\"" $LOGGING_MANAGER 
"$JAVA_OPTS" "$CATALINA_OPTS" \
-      -classpath "\"$CLASSPATH\"" \
-      -Djava.security.manager \
-      -Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \
-      -Dcatalina.base="\"$CATALINA_BASE\"" \
-      -Dcatalina.home="\"$CATALINA_HOME\"" \
-      -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
-      org.apache.catalina.startup.Bootstrap "$@" start
-  else
-    eval exec "\"$_RUNJAVA\"" "\"$CATALINA_LOGGING_CONFIG\"" $LOGGING_MANAGER 
"$JAVA_OPTS" "$CATALINA_OPTS" \
-      -classpath "\"$CLASSPATH\"" \
-      -Dcatalina.base="\"$CATALINA_BASE\"" \
-      -Dcatalina.home="\"$CATALINA_HOME\"" \
-      -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
-      org.apache.catalina.startup.Bootstrap "$@" start
-  fi
+  eval exec "\"$_RUNJAVA\"" "\"$CATALINA_LOGGING_CONFIG\"" $LOGGING_MANAGER 
"$JAVA_OPTS" "$CATALINA_OPTS" \
+    -classpath "\"$CLASSPATH\"" \
+    -Dcatalina.base="\"$CATALINA_BASE\"" \
+    -Dcatalina.home="\"$CATALINA_HOME\"" \
+    -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
+    org.apache.catalina.startup.Bootstrap "$@" start
 
 elif [ "$1" = "start" ] ; then
 
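Review bot: A leftover `-security` argument is no longer consumed after the `shift` in the `debug` and `run` branches, so it is forwarded to Bootstrap through `"$@"` while the script no longer adds `-Djava.security.manager`; a service wrapper that still passes the flag loses the sandbox without the script reporting it. How Bootstrap handles the unknown argument is not visible in this diff, so I would fail closed right after each `shift`, e.g. `if [ "$1" = "-security" ]; then echo "-security is no longer supported" >&2; exit 1; fi`. The same applies to the `start` branch in the next hunk and to `:doDebug`, `:doRun` and `:doStart` in catalina.bat. Separately, the rewritten `debug` command (carried over from the old else-branch) passes `-classpath "$CLASSPATH"` and the `-D` paths without the escaped inner quotes that `run` uses, so under `eval` a path containing spaces is split again; `-classpath "\"$CLASSPATH\""` would make the two branches consistent. The surrounding `if`/`elif` chain starts before and continues after this hunk.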
@@ -446,31 +414,14 @@ elif [ "$1" = "start" ] ; then
     fi
     $CATALINA_OUT_CMD <"$CATALINA_OUT" &
   fi
-  if [ "$1" = "-security" ] ; then
-    if [ $have_tty -eq 1 ]; then
-      echo "Using Security Manager"
-    fi
-    shift
-    eval $_NOHUP "\"$_RUNJAVA\"" "\"$CATALINA_LOGGING_CONFIG\"" 
$LOGGING_MANAGER "$JAVA_OPTS" "$CATALINA_OPTS" \
-      -classpath "\"$CLASSPATH\"" \
-      -Djava.security.manager \
-      -Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \
-      -Dcatalina.base="\"$CATALINA_BASE\"" \
-      -Dcatalina.home="\"$CATALINA_HOME\"" \
-      -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
-      org.apache.catalina.startup.Bootstrap "$@" start \
-      >> "$CATALINA_OUT" 2>&1 "&"
-
-  else
-    eval $_NOHUP "\"$_RUNJAVA\"" "\"$CATALINA_LOGGING_CONFIG\"" 
$LOGGING_MANAGER "$JAVA_OPTS" "$CATALINA_OPTS" \
-      -classpath "\"$CLASSPATH\"" \
-      -Dcatalina.base="\"$CATALINA_BASE\"" \
-      -Dcatalina.home="\"$CATALINA_HOME\"" \
-      -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
-      org.apache.catalina.startup.Bootstrap "$@" start \
-      >> "$CATALINA_OUT" 2>&1 "&"
 
-  fi
+  eval $_NOHUP "\"$_RUNJAVA\"" "\"$CATALINA_LOGGING_CONFIG\"" $LOGGING_MANAGER 
"$JAVA_OPTS" "$CATALINA_OPTS" \
+    -classpath "\"$CLASSPATH\"" \
+    -Dcatalina.base="\"$CATALINA_BASE\"" \
+    -Dcatalina.home="\"$CATALINA_HOME\"" \
+    -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
+    org.apache.catalina.startup.Bootstrap "$@" start \
+    >> "$CATALINA_OUT" 2>&1 "&"
 
   if [ ! -z "$CATALINA_PID" ]; then
     echo $! > "$CATALINA_PID"
@@ -624,16 +575,12 @@ else
   echo "commands:"
   if $os400; then
     echo "  debug             Start Catalina in a debugger (not available on 
OS400)"
-    echo "  debug -security   Debug Catalina with a security manager (not 
available on OS400)"
   else
     echo "  debug             Start Catalina in a debugger"
-    echo "  debug -security   Debug Catalina with a security manager"
   fi
   echo "  jpda start        Start Catalina under JPDA debugger"
   echo "  run               Start Catalina in the current window"
-  echo "  run -security     Start in the current window with security manager"
   echo "  start             Start Catalina in a separate window"
-  echo "  start -security   Start in a separate window with security manager"
   echo "  stop              Stop Catalina, waiting up to 5 seconds for the 
process to end"
   echo "  stop n            Stop Catalina, waiting up to n seconds for the 
process to end"
   echo "  stop -force       Stop Catalina, wait up to 5 seconds and then use 
kill -KILL if still running"
diff --git a/conf/catalina.policy b/conf/catalina.policy
deleted file mode 100644
index 6a82bcb17f..0000000000
--- a/conf/catalina.policy
+++ /dev/null
@@ -1,263 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements.  See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License.  You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// ============================================================================
-// catalina.policy - Security Policy Permissions for Tomcat
-//
-// This file contains a default set of security policies to be enforced (by the
-// JVM) when Catalina is executed with the "-security" option.  In addition
-// to the permissions granted here, the following additional permissions are
-// granted to each web application:
-//
-// * Read access to the web application's document root directory
-// * Read, write and delete access to the web application's working directory
-// ============================================================================
-
-
-// ========== SYSTEM CODE PERMISSIONS =========================================
-
-
-// These permissions apply to javac
-grant codeBase "file:${java.home}/lib/-" {
-        permission java.security.AllPermission;
-};
-
-// These permissions apply to all shared system extensions
-grant codeBase "file:${java.home}/jre/lib/ext/-" {
-        permission java.security.AllPermission;
-};
-
-// These permissions apply to javac when ${java.home} points at $JAVA_HOME/jre
-grant codeBase "file:${java.home}/../lib/-" {
-        permission java.security.AllPermission;
-};
-
-// These permissions apply to all shared system extensions when
-// ${java.home} points at $JAVA_HOME/jre
-grant codeBase "file:${java.home}/lib/ext/-" {
-        permission java.security.AllPermission;
-};
-
-// This permission is required when using javac to compile JSPs
-grant codeBase "jrt:/jdk.compiler" {
-        permission java.security.AllPermission;
-};
-
-
-// ========== CATALINA CODE PERMISSIONS =======================================
-
-// These permissions apply to the daemon code
-grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
-        permission java.security.AllPermission;
-};
-
-// These permissions apply to the logging API
-// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
-// update this section accordingly.
-//  grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
-grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
-        permission java.io.FilePermission
-         
"${java.home}${file.separator}lib${file.separator}logging.properties", "read";
-
-        permission java.io.FilePermission
-         
"${catalina.base}${file.separator}conf${file.separator}logging.properties", 
"read";
-        permission java.io.FilePermission
-         "${catalina.base}${file.separator}logs", "read, write";
-        permission java.io.FilePermission
-         "${catalina.base}${file.separator}logs${file.separator}*", "read, 
write, delete";
-
-        permission java.lang.RuntimePermission "shutdownHooks";
-        permission java.lang.RuntimePermission "getClassLoader";
-        permission java.lang.RuntimePermission "setContextClassLoader";
-
-        permission java.lang.management.ManagementPermission "monitor";
-
-        permission java.util.logging.LoggingPermission "control";
-
-        permission java.util.PropertyPermission 
"java.util.logging.config.class", "read";
-        permission java.util.PropertyPermission 
"java.util.logging.config.file", "read";
-        permission java.util.PropertyPermission 
"org.apache.juli.AsyncMaxRecordCount", "read";
-        permission java.util.PropertyPermission 
"org.apache.juli.AsyncOverflowDropType", "read";
-        permission java.util.PropertyPermission 
"org.apache.juli.ClassLoaderLogManager.debug", "read";
-        permission java.util.PropertyPermission "catalina.base", "read";
-
-        // Note: To enable per context logging configuration, permit read 
access to
-        // the appropriate file. Be sure that the logging configuration is
-        // secure before enabling such access.
-        // E.g. for the examples web application (uncomment and unwrap
-        // the following to be on a single line):
-        // permission java.io.FilePermission "${catalina.base}${file.separator}
-        //  webapps${file.separator}examples${file.separator}WEB-INF
-        //  ${file.separator}classes${file.separator}logging.properties", 
"read";
-};
-
-// These permissions apply to the server startup code
-grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
-        permission java.security.AllPermission;
-};
-
-// These permissions apply to the servlet API classes
-// and those that are shared across all class loaders
-// located in the "lib" directory
-grant codeBase "file:${catalina.home}/lib/-" {
-        permission java.security.AllPermission;
-};
-
-
-// If using a per instance lib directory, i.e. ${catalina.base}/lib,
-// then the following permission will need to be uncommented
-// grant codeBase "file:${catalina.base}/lib/-" {
-//         permission java.security.AllPermission;
-// };
-
-
-// ========== WEB APPLICATION PERMISSIONS =====================================
-
-
-// These permissions are granted by default to all web applications
-// In addition, a web application will be given a read FilePermission
-// for all files and directories in its document root.
-grant {
-    // Required for JNDI lookup of named JDBC DataSource's and
-    // javamail named MimePart DataSource used to send mail
-    permission java.util.PropertyPermission "java.home", "read";
-    permission java.util.PropertyPermission "java.naming.*", "read";
-    permission java.util.PropertyPermission "javax.sql.*", "read";
-
-    // OS Specific properties to allow read access
-    permission java.util.PropertyPermission "os.name", "read";
-    permission java.util.PropertyPermission "os.version", "read";
-    permission java.util.PropertyPermission "os.arch", "read";
-    permission java.util.PropertyPermission "file.separator", "read";
-    permission java.util.PropertyPermission "path.separator", "read";
-    permission java.util.PropertyPermission "line.separator", "read";
-
-    // JVM properties to allow read access
-    permission java.util.PropertyPermission "java.version", "read";
-    permission java.util.PropertyPermission "java.vendor", "read";
-    permission java.util.PropertyPermission "java.vendor.url", "read";
-    permission java.util.PropertyPermission "java.class.version", "read";
-    permission java.util.PropertyPermission "java.specification.version", 
"read";
-    permission java.util.PropertyPermission "java.specification.vendor", 
"read";
-    permission java.util.PropertyPermission "java.specification.name", "read";
-
-    permission java.util.PropertyPermission "java.vm.specification.version", 
"read";
-    permission java.util.PropertyPermission "java.vm.specification.vendor", 
"read";
-    permission java.util.PropertyPermission "java.vm.specification.name", 
"read";
-    permission java.util.PropertyPermission "java.vm.version", "read";
-    permission java.util.PropertyPermission "java.vm.vendor", "read";
-    permission java.util.PropertyPermission "java.vm.name", "read";
-
-    // Required for OpenJMX
-    permission java.lang.RuntimePermission "getAttribute";
-
-    // Allow read of JAXP compliant XML parser debug
-    permission java.util.PropertyPermission "jaxp.debug", "read";
-
-    // All JSPs need to be able to read this package
-    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.tomcat";
-
-    // Precompiled JSPs need access to these packages.
-    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.jasper.el";
-    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.jasper.runtime";
-    permission java.lang.RuntimePermission
-     "accessClassInPackage.org.apache.jasper.runtime.*";
-
-    // Applications using WebSocket need to be able to access these packages
-    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.tomcat.websocket";
-    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.tomcat.websocket.server";
-};
-
-
-// The Manager application needs access to the following packages to support 
the
-// session display functionality. It also requires the custom Tomcat
-// DeployXmlPermission to enable the use of META-INF/context.xml
-// These settings support the following configurations:
-// - default CATALINA_HOME == CATALINA_BASE
-// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE
-// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME
-grant codeBase "file:${catalina.base}/webapps/manager/-" {
-    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina";
-    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina.ha.session";
-    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina.manager";
-    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina.manager.util";
-    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina.util";
-    permission org.apache.catalina.security.DeployXmlPermission "manager";
-};
-grant codeBase "file:${catalina.home}/webapps/manager/-" {
-    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina";
-    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina.ha.session";
-    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina.manager";
-    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina.manager.util";
-    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina.util";
-    permission org.apache.catalina.security.DeployXmlPermission "manager";
-};
-
-// The Host Manager application needs the custom Tomcat DeployXmlPermission to
-// enable the use of META-INF/context.xml
-// These settings support the following configurations:
-// - default CATALINA_HOME == CATALINA_BASE
-// - CATALINA_HOME != CATALINA_BASE, per instance Host Manager in CATALINA_BASE
-// - CATALINA_HOME != CATALINA_BASE, shared Host Manager in CATALINA_HOME
-grant codeBase "file:${catalina.base}/webapps/host-manager/-" {
-    permission org.apache.catalina.security.DeployXmlPermission "host-manager";
-};
-grant codeBase "file:${catalina.home}/webapps/host-manager/-" {
-    permission org.apache.catalina.security.DeployXmlPermission "host-manager";
-};
-
-
-// You can assign additional permissions to particular web applications by
-// adding additional "grant" entries here, based on the code base for that
-// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
-//
-// Different permissions can be granted to JSP pages, classes loaded from
-// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
-// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
-//
-// For instance, assume that the standard "examples" application
-// included a JDBC driver that needed to establish a network connection to the
-// corresponding database and used the scrape taglib to get the weather from
-// the NOAA web server.  You might create a "grant" entries like this:
-//
-// The permissions granted to the context root directory apply to JSP pages.
-// grant codeBase "file:${catalina.base}/webapps/examples/-" {
-//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", 
"connect";
-//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
-// };
-//
-// The permissions granted to the context WEB-INF/classes directory
-// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" {
-// };
-//
-// The permission granted to your JDBC driver
-// grant codeBase 
"jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
-//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", 
"connect";
-// };
-// The permission granted to the scrape taglib
-// grant codeBase 
"jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
-//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
-// };
-
-// To grant permissions for web applications using packed WAR files, use the
-// Tomcat specific WAR url scheme.
-//
-// The permissions granted to the entire web application
-// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/-" {
-// };
-//
-// The permissions granted to a specific JAR
-// grant codeBase 
"war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" {
-// };
\ No newline at end of file
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d9efa22b56..d6ca350cb9 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -110,6 +110,9 @@
       <update>
         Update BND to 6.4.0. (markt)
       </update>
+      <update>
+        Remove support for starting Tomcat under a SecurityManager. (markt)
+      </update>
     </changelog>
   </subsection>
 </section>
diff --git a/webapps/docs/class-loader-howto.xml 
b/webapps/docs/class-loader-howto.xml
index b4d55eb406..66ee7cb79d 100644
--- a/webapps/docs/class-loader-howto.xml
+++ b/webapps/docs/class-loader-howto.xml
@@ -251,15 +251,6 @@ is a risk that Tomcat and/or the deployed application will 
experience errors.</p
 </section>
 
 
-<section name="Running under a security manager">
-
-<p>When running under a security manager the locations from which classes
-are permitted to be loaded will also depend on the contents of your policy
-file. See <a href="security-manager-howto.html">Security Manager How-To</a>
-for further information.</p>
-
-</section>
-
 <section name="Advanced configuration">
 
 <p>A more complex class loader hierarchy may also be configured. See the 
diagram
diff --git a/webapps/docs/index.xml b/webapps/docs/index.xml
index 9d2119e60c..ee5067cd25 100644
--- a/webapps/docs/index.xml
+++ b/webapps/docs/index.xml
@@ -77,10 +77,6 @@ Apache Tomcat, and using many of the Apache Tomcat 
features.</p>
     - Description of how to configure <em>Realms</em> (databases of users,
     passwords, and their associated roles) for use in web applications that
     utilize <em>Container Managed Security</em>.</li>
-<li><a href="security-manager-howto.html"><strong>Security Manager</strong></a>
-    - Configuring and using a Java Security Manager to
-    support fine-grained control over the behavior of your web applications.
-    </li>
 <li><a href="jndi-resources-howto.html"><strong>JNDI Resources</strong></a>
     - Configuring standard and custom resources in the JNDI naming context
     that is provided to each web application.</li>
diff --git a/webapps/docs/project.xml b/webapps/docs/project.xml
index 06d913d392..4520165ce7 100644
--- a/webapps/docs/project.xml
+++ b/webapps/docs/project.xml
@@ -41,41 +41,39 @@
         <item name="5) Manager"             href="manager-howto.html"/>
         <item name="6) Host Manager"        href="host-manager-howto.html"/>
         <item name="7) Realms and AAA"      href="realm-howto.html"/>
-        <item name="8) Security Manager"
-              href="security-manager-howto.html"/>
-        <item name="9) JNDI Resources"      href="jndi-resources-howto.html"/>
-        <item name="10) JDBC DataSources"
+        <item name="8) JNDI Resources"      href="jndi-resources-howto.html"/>
+        <item name="9) JDBC DataSources"
               href="jndi-datasource-examples-howto.html"/>
-        <item name="11) Classloading"       href="class-loader-howto.html"/>
-        <item name="12) JSPs"               href="jasper-howto.html"/>
-        <item name="13) SSL/TLS"            href="ssl-howto.html"/>
-        <item name="14) SSI"                href="ssi-howto.html"/>
-        <item name="15) CGI"                href="cgi-howto.html"/>
-        <item name="16) Proxy Support"      href="proxy-howto.html"/>
-        <item name="17) MBeans Descriptors"
+        <item name="10) Classloading"       href="class-loader-howto.html"/>
+        <item name="11) JSPs"               href="jasper-howto.html"/>
+        <item name="12) SSL/TLS"            href="ssl-howto.html"/>
+        <item name="13) SSI"                href="ssi-howto.html"/>
+        <item name="14) CGI"                href="cgi-howto.html"/>
+        <item name="15) Proxy Support"      href="proxy-howto.html"/>
+        <item name="16) MBeans Descriptors"
               href="mbeans-descriptors-howto.html"/>
-        <item name="18) Default Servlet"    href="default-servlet.html"/>
-        <item name="19) Clustering"         href="cluster-howto.html"/>
-        <item name="20) Load Balancer"      href="balancer-howto.html"/>
-        <item name="21) Connectors"         href="connectors.html"/>
-        <item name="22) Monitoring and Management"
+        <item name="17) Default Servlet"    href="default-servlet.html"/>
+        <item name="18) Clustering"         href="cluster-howto.html"/>
+        <item name="19) Load Balancer"      href="balancer-howto.html"/>
+        <item name="20) Connectors"         href="connectors.html"/>
+        <item name="21) Monitoring and Management"
               href="monitoring.html"/>
-        <item name="23) Logging"            href="logging.html"/>
-        <item name="24) APR/Native"         href="apr.html"/>
-        <item name="25) Virtual Hosting"    href="virtual-hosting-howto.html"/>
-        <item name="26) Advanced IO"        href="aio.html"/>
-        <item name="27) Mavenized"          href="maven-jars.html"/>
-        <item name="28) Security Considerations"
+        <item name="22) Logging"            href="logging.html"/>
+        <item name="23) APR/Native"         href="apr.html"/>
+        <item name="24) Virtual Hosting"    href="virtual-hosting-howto.html"/>
+        <item name="25) Advanced IO"        href="aio.html"/>
+        <item name="26) Mavenized"          href="maven-jars.html"/>
+        <item name="27) Security Considerations"
               href="security-howto.html"/>
-        <item name="29) Windows Service"    href="windows-service-howto.html"/>
-        <item name="30) Windows Authentication"
+        <item name="28) Windows Service"    href="windows-service-howto.html"/>
+        <item name="29) Windows Authentication"
               href="windows-auth-howto.html"/>
-        <item name="31) Tomcat's JDBC Pool"
+        <item name="30) Tomcat's JDBC Pool"
               href="jdbc-pool.html"/>
-        <item name="32) WebSocket"          href="web-socket-howto.html"/>
-        <item name="33) Rewrite"            href="rewrite.html"/>
-        <item name="34) CDI 2 and JAX-RS"   href="cdi.html"/>
-        <item name="35) AOT/GraalVM Support"
+        <item name="31) WebSocket"          href="web-socket-howto.html"/>
+        <item name="32) Rewrite"            href="rewrite.html"/>
+        <item name="33) CDI 2 and JAX-RS"   href="cdi.html"/>
+        <item name="34) AOT/GraalVM Support"
               href="graal.html"/>
     </menu>
 
diff --git a/webapps/docs/security-manager-howto.xml 
b/webapps/docs/security-manager-howto.xml
deleted file mode 100644
index b5d534c482..0000000000
--- a/webapps/docs/security-manager-howto.xml
+++ /dev/null
@@ -1,256 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one or more
-  contributor license agreements.  See the NOTICE file distributed with
-  this work for additional information regarding copyright ownership.
-  The ASF licenses this file to You under the Apache License, Version 2.0
-  (the "License"); you may not use this file except in compliance with
-  the License.  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
--->
-<!DOCTYPE document [
-  <!ENTITY project SYSTEM "project.xml">
-  <!ENTITY defaultpolicy SYSTEM "../../conf/catalina.policy">
-]>
-<document url="security-manager-howto.html">
-
-    &project;
-
-    <properties>
-        <author email="gl...@voyager.apg.more.net">Glenn Nielsen</author>
-        <author email="jeanfrancois.arc...@sun.com">Jean-Francois 
Arcand</author>
-        <title>Security Manager How-To</title>
-    </properties>
-
-<body>
-
-<section name="Table of Contents">
-<toc/>
-</section>
-
-<section name="Background">
-
-  <p>The Java <strong>SecurityManager</strong> is what allows a web browser
-  to run an applet in its own sandbox to prevent untrusted code from
-  accessing files on the local file system, connecting to a host other
-  than the one the applet was loaded from, and so on.  In the same way
-  the SecurityManager protects you from an untrusted applet running in
-  your browser, use of a SecurityManager while running Tomcat can protect
-  your server from trojan servlets, JSPs, JSP beans, and tag libraries.
-  Or even inadvertent mistakes.</p>
-
-  <p>Imagine if someone who is authorized to publish JSPs on your site
-  inadvertently included the following in their JSP:</p>
-<source><![CDATA[<% System.exit(1); %>]]></source>
-
-  <p>Every time this JSP was executed by Tomcat, Tomcat would exit.
-  Using the Java SecurityManager is just one more line of defense a
-  system administrator can use to keep the server secure and reliable.</p>
-
-  <p><strong>WARNING</strong> - A security audit
-  have been conducted using the Tomcat codebase. Most of the critical
-  package have been protected and a new security package protection mechanism
-  has been implemented. Still, make sure that you are satisfied with your 
SecurityManager
-  configuration before allowing untrusted users to publish web applications,
-  JSPs, servlets, beans, or tag libraries.  <strong>However, running with a
-  SecurityManager is definitely better than running without one.</strong></p>
-
-</section>
-
-
-<section name="Known Issues">
-
-  <p>As of Java 17, the SecurityManager has been deprecated with the 
expectation
-  that it will be removed in a future Java version. Users currently using a
-  SecurityManager are recommended to start planning for its removal.</p>
-
-</section>
-
-
-<section name="Permissions">
-
-  <p>Permission classes are used to define what Permissions a class loaded
-  by Tomcat will have.  There are a number of Permission classes that are
-  a standard part of the JDK, and you can create your own Permission class
-  for use in your own web applications.  Both techniques are used in
-  Tomcat.</p>
-
-
-  <subsection name="Standard Permissions">
-
-    <p>This is just a short summary of the standard system SecurityManager
-    Permission classes applicable to Tomcat.  See
-    <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/";>
-    http://docs.oracle.com/javase/7/docs/technotes/guides/security/</a>
-    for more information.</p>
-
-    <ul>
-    <li><strong>java.util.PropertyPermission</strong> - Controls read/write
-        access to JVM properties such as <code>java.home</code>.</li>
-    <li><strong>java.lang.RuntimePermission</strong> - Controls use of
-        some System/Runtime functions like <code>exit()</code> and
-        <code>exec()</code>. Also control the package access/definition.</li>
-    <li><strong>java.io.FilePermission</strong> - Controls read/write/execute
-        access to files and directories.</li>
-    <li><strong>java.net.SocketPermission</strong> - Controls use of
-        network sockets.</li>
-    <li><strong>java.net.NetPermission</strong> - Controls use of
-        multicast network connections.</li>
-    <li><strong>java.lang.reflect.ReflectPermission</strong> - Controls
-        use of reflection to do class introspection.</li>
-    <li><strong>java.security.SecurityPermission</strong> - Controls access
-        to Security methods.</li>
-    <li><strong>java.security.AllPermission</strong> - Allows access to all
-        permissions, just as if you were running Tomcat without a
-        SecurityManager.</li>
-    </ul>
-
-  </subsection>
-
-</section>
-
-
-<section name="Configuring Tomcat With A SecurityManager">
-
-  <h3>Policy File Format</h3>
-
-  <p>The security policies implemented by the Java SecurityManager are
-  configured in the <code>$CATALINA_BASE/conf/catalina.policy</code> file.
-  This file completely replaces the <code>java.policy</code> file present
-  in your JDK system directories.</p>
-
-  <p>Entries in the <code>catalina.policy</code> file use the standard
-  <code>java.policy</code> file format, as follows:</p>
-<source><![CDATA[// Example policy file entry
-
-grant [signedBy <signer>,] [codeBase <code source>] {
-  permission  <class>  [<name> [, <action list>]];
-};]]></source>
-
-  <p>The <strong>signedBy</strong> and <strong>codeBase</strong> entries are
-  optional when granting permissions.  Comment lines begin with "//" and
-  end at the end of the current line.  The <code>codeBase</code> is in the
-  form of a URL, and for a file URL can use the <code>${java.home}</code>
-  and <code>${catalina.home}</code> properties (which are expanded out to
-  the directory paths defined for them by the <code>JAVA_HOME</code>,
-  <code>CATALINA_HOME</code> and <code>CATALINA_BASE</code> environment
-  variables).</p>
-
-  <h3>The Default Policy File</h3>
-
-  <p>The default <code>$CATALINA_BASE/conf/catalina.policy</code> file
-  looks like this:</p>
-
-<!-- The following pulls in the conf/catalina.policy file when the
- documentation is built -->
-<source>&defaultpolicy;</source>
-
-  <h3>Starting Tomcat With A SecurityManager</h3>
-
-  <p>Once you have configured the <code>catalina.policy</code> file for use
-  with a SecurityManager, Tomcat can be started with a SecurityManager in
-  place by using the "-security" option:</p>
-<source>$CATALINA_HOME/bin/catalina.sh start -security    (Unix)
-%CATALINA_HOME%\bin\catalina start -security      (Windows)</source>
-
-  <subsection name="Permissions for packed WAR files">
-
-    <p>When using packed WAR files, it is necessary to use Tomcat's custom war
-    URL protocol to assign permissions to web application code.</p>
-
-    <p>To assign permissions to the entire web application the entry in the
-    policy file would look like this:</p>
-
-<source><![CDATA[// Example policy file entry
-grant codeBase "war:file:${catalina.base}/webapps/examples.war*/-" {
-    ...
-};
-]]></source>
-
-    <p>To assign permissions to a single JAR within the web application the
-    entry in the policy file would look like this:</p>
-
-<source><![CDATA[// Example policy file entry
-grant codeBase 
"war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" {
-    ...
-};
-]]></source>
-
-  </subsection>
-
-</section>
-
-<section name="Configuring Package Protection in Tomcat">
-  <p>Starting with Tomcat 5, it is now possible to configure which Tomcat
-  internal package are protected against package definition and access. See
-  <a href="http://www.oracle.com/technetwork/java/seccodeguide-139067.html";>
-    http://www.oracle.com/technetwork/java/seccodeguide-139067.html</a>
-    for more information.</p>
-
-
-  <p><strong>WARNING</strong>: Be aware that removing the default package 
protection
-  could possibly open a security hole</p>
-
-  <h3>The Default Properties File</h3>
-
-  <p>The default <code>$CATALINA_BASE/conf/catalina.properties</code> file
-  looks like this:</p>
-<source><![CDATA[#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageAccess unless the
-# corresponding RuntimePermission ("accessClassInPackage."+package) has
-# been granted.
-package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,
-org.apache.jasper.
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageDefinition unless the
-# corresponding RuntimePermission ("defineClassInPackage."+package) has
-# been granted.
-#
-# by default, no packages are restricted for definition, and none of
-# the class loaders supplied with the JDK call checkPackageDefinition.
-#
-package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,
-org.apache.tomcat.,org.apache.jasper.]]></source>
-  <p>Once you have configured the <code>catalina.properties</code> file for use
-  with a SecurityManager, remember to re-start Tomcat.</p>
-</section>
-
-<section name="Troubleshooting">
-
-  <p>If your web application attempts to execute an operation that is
-  prohibited by lack of a required Permission, it will throw an
-  <code>AccessControLException</code> or a <code>SecurityException</code>
-  when the SecurityManager detects the violation.  Debugging the permission
-  that is missing can be challenging, and one option is to turn on debug
-  output of all security decisions that are made during execution.  This
-  is done by setting a system property before starting Tomcat.  The easiest
-  way to do this is via the <code>CATALINA_OPTS</code> environment variable.
-  Execute this command:</p>
-<source>export CATALINA_OPTS=-Djava.security.debug=all    (Unix)
-set CATALINA_OPTS=-Djava.security.debug=all       (Windows)</source>
-
-  <p>before starting Tomcat.</p>
-
-  <p><strong>WARNING</strong> - This will generate <em>many megabytes</em>
-  of output!  However, it can help you track down problems by searching
-  for the word "FAILED" and determining which permission was being checked
-  for.  See the Java security documentation for more options that you can
-  specify here as well.</p>
-
-</section>
-
-
-</body>
-
-</document>

