Author: kkolinko
Date: Wed Nov 18 03:09:12 2009
New Revision: 881655

URL: http://svn.apache.org/viewvc?rev=881655&view=rev
Log:
Updated to match the latest catalina.policy file
Updated the section about implicit permissions

Modified:
    tomcat/trunk/webapps/docs/security-manager-howto.xml

Modified: tomcat/trunk/webapps/docs/security-manager-howto.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-manager-howto.xml?rev=881655&r1=881654&r2=881655&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/security-manager-howto.xml (original)
+++ tomcat/trunk/webapps/docs/security-manager-howto.xml Wed Nov 18 03:09:12 
2009
@@ -121,12 +121,19 @@
     but disallow it from using file access to read any other files (unless
     permissions for those files are explicitly granted).</p>
 
-    <p>Also, Tomcat always dynamically creates the following file 
permission:</p>
-<source>  
+    <p>Also, Tomcat always dynamically creates the following file 
permissions:</p>
+<source>
 permission java.io.FilePermission "** your application context**", "read";
-</source>  
-    <p>Where **your application context** equals the folder(or WAR file) under 
which 
-    your application has been deployed. </p>  
+
+permission java.io.FilePermission
+  "** application working directory**", "read,write";
+permission java.io.FilePermission
+  "** application working directory**/-", "read,write,delete";
+</source>
+    <p>Where **your application context** equals the folder (or WAR file) 
under which 
+    your application has been deployed and **application working directory** 
is the
+    temporary directory provided to your application as required by the
+    Servlet Specification.</p>
 
   </subsection>
 
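Review bot: The document-root grant shown as `permission java.io.FilePermission "** your application context**", "read";` names only the context path itself, whereas the working-directory grant added just below it is listed in both the bare form and the recursive `/-` form. A `java.io.FilePermission` whose target has no trailing `/-` or `/*` covers only that single path, so as written the listing implies a web application cannot read the files beneath its own document root, which contradicts the preceding paragraph about applications reading their own files. If Tomcat also adds the recursive grant for the document root (presumably it does, given that paragraph — verify against the loader code that installs these permissions), the listing should show it: `permission java.io.FilePermission "** your application context**/-", "read";`. It would also help to state explicitly that these grants are added by Tomcat at deployment time and never appear in catalina.policy, so editing the policy file cannot remove or narrow them.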
@@ -171,14 +178,15 @@
   looks like this:</p>
 <source>
 // ============================================================================
-// catalina.corepolicy - Security Policy Permissions for Tomcat 6
+// catalina.policy - Security Policy Permissions for Tomcat 7
 //
 // This file contains a default set of security policies to be enforced (by the
 // JVM) when Catalina is executed with the "-security" option.  In addition
 // to the permissions granted here, the following additional permissions are
-// granted to the codebase specific to each web application:
+// granted specific to each web application:
 //
-// * Read access to the document root directory
+// * Read access to its document root directory
+// * Read, write and delete access to its working directory
 //
 // ============================================================================
 
@@ -217,8 +225,32 @@
 };
 
 // These permissions apply to the logging API
+// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
+// update this section accordingly.
 grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
-        permission java.security.AllPermission;
+        permission java.util.PropertyPermission 
"java.util.logging.config.class", "read";
+        permission java.util.PropertyPermission 
"java.util.logging.config.file", "read";
+        permission java.util.PropertyPermission "catalina.base", "read";
+        permission java.io.FilePermission
+         
"${java.home}${file.separator}lib${file.separator}logging.properties", "read"; 
+        permission java.io.FilePermission
+         
"${catalina.base}${file.separator}conf${file.separator}logging.properties", 
"read";
+        permission java.io.FilePermission
+         "${catalina.base}${file.separator}logs", "read, write";
+        permission java.io.FilePermission
+         "${catalina.base}${file.separator}logs${file.separator}*", "read, 
write";
+        permission java.lang.RuntimePermission "shutdownHooks";
+        permission java.lang.RuntimePermission "getClassLoader";
+        permission java.lang.RuntimePermission "setContextClassLoader";
+        permission java.util.logging.LoggingPermission "control";
+
+        // To enable per context logging configuration, permit read access to
+        // the appropriate file. Be sure that the logging configuration is
+        // secure before enabling such access. E.g. for the examples web
+        // application:
+        // permission java.io.FilePermission "${catalina.base}${file.separator}
+        //  webapps${file.separator}examples${file.separator}
+        //  
WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
 };
 
 // These permissions apply to the server startup code
@@ -260,27 +292,40 @@
     permission java.util.PropertyPermission "java.vendor", "read";
     permission java.util.PropertyPermission "java.vendor.url", "read";
     permission java.util.PropertyPermission "java.class.version", "read";
-       permission java.util.PropertyPermission "java.specification.version", 
"read";
-       permission java.util.PropertyPermission "java.specification.vendor", 
"read";
-       permission java.util.PropertyPermission "java.specification.name", 
"read";
-
-       permission java.util.PropertyPermission 
"java.vm.specification.version", "read";
-       permission java.util.PropertyPermission "java.vm.specification.vendor", 
"read";
-       permission java.util.PropertyPermission "java.vm.specification.name", 
"read";
-       permission java.util.PropertyPermission "java.vm.version", "read";
-       permission java.util.PropertyPermission "java.vm.vendor", "read";
-       permission java.util.PropertyPermission "java.vm.name", "read";
+    permission java.util.PropertyPermission "java.specification.version", 
"read";
+    permission java.util.PropertyPermission "java.specification.vendor", 
"read";
+    permission java.util.PropertyPermission "java.specification.name", "read";
+
+    permission java.util.PropertyPermission "java.vm.specification.version", 
"read";
+    permission java.util.PropertyPermission "java.vm.specification.vendor", 
"read";
+    permission java.util.PropertyPermission "java.vm.specification.name", 
"read";
+    permission java.util.PropertyPermission "java.vm.version", "read";
+    permission java.util.PropertyPermission "java.vm.vendor", "read";
+    permission java.util.PropertyPermission "java.vm.name", "read";
 
     // Required for OpenJMX
     permission java.lang.RuntimePermission "getAttribute";
 
-       // Allow read of JAXP compliant XML parser debug
-       permission java.util.PropertyPermission "jaxp.debug", "read";
+    // Allow read of JAXP compliant XML parser debug
+    permission java.util.PropertyPermission "jaxp.debug", "read";
+
+    // All JSPs need to be able to read this package
+    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.tomcat";
 
-    // Precompiled JSPs need access to this package.
+    // Precompiled JSPs need access to these packages.
+    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.jasper.el";
     permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.jasper.runtime";
-    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.jasper.runtime.*";
-    
+    permission java.lang.RuntimePermission
+     "accessClassInPackage.org.apache.jasper.runtime.*";
+
+    // Precompiled JSPs need access to these system properties.
+    permission java.util.PropertyPermission
+     "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
+    permission java.util.PropertyPermission
+     "org.apache.el.parser.COERCE_TO_ZERO", "read";
+
+    // Applications using Comet need to be able to access this package
+    permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina.comet";
 };
 
 
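Review bot: The new comments at `// All JSPs need to be able to read this package`, `// Precompiled JSPs need access to these packages.` and `// Applications using Comet need to be able to access this package` justify each grant by a feature, but the enclosing `grant` block — whose header is above this hunk — appears to apply to every deployed web application, so readers hardening a deployment have no hint that these lines are candidates for removal when no precompiled JSPs or Comet applications are deployed. Note also that `accessClassInPackage.org.apache.tomcat` covers only that exact package, while the `org.apache.jasper.runtime.*` form also covers its subpackages; the asymmetry is presumably deliberate and a one-line remark would save the next maintainer from "fixing" it. Suggested comment to add above the Jasper grants: `// The JSP and Comet grants below are defaults for all web applications; remove the ones your deployment does not need.`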
@@ -298,21 +343,21 @@
 // the NOAA web server.  You might create a "grant" entries like this:
 //
 // The permissions granted to the context root directory apply to JSP pages.
-// grant codeBase "file:${catalina.home}/webapps/examples/-" {
+// grant codeBase "file:${catalina.base}/webapps/examples/-" {
 //      permission java.net.SocketPermission "dbhost.mycompany.com:5432", 
"connect";
 //      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
 // };
 //
 // The permissions granted to the context WEB-INF/classes directory
-// grant codeBase "file:${catalina.home}/webapps/examples/WEB-INF/classes/-" {
+// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" {
 // };
 //
 // The permission granted to your JDBC driver
-// grant codeBase 
"jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
+// grant codeBase 
"jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
 //      permission java.net.SocketPermission "dbhost.mycompany.com:5432", 
"connect";
 // };
 // The permission granted to the scrape taglib
-// grant codeBase 
"jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
+// grant codeBase 
"jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
 //      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
 // };
 </source>


