Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50854

author markt <markt@13f79535-47bb-0310-9956-ffa450edef68>

Wed, 9 Mar 2011 11:38:38 +0000 (11:38 +0000)

committer markt <markt@13f79535-47bb-0310-9956-ffa450edef68>

Wed, 9 Mar 2011 11:38:38 +0000 (11:38 +0000)
author markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Wed, 9 Mar 2011 11:38:38 +0000 (11:38 +0000)
committer markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Wed, 9 Mar 2011 11:38:38 +0000 (11:38 +0000)
diff --git a/conf/catalina.policy b/conf/catalina.policy

index 200936a..38d5de9 100644 (file)
--- a/conf/catalina.policy
+++ b/conf/catalina.policy
@@ -187,11 +187,24 @@ grant {
  
  
  // The Manager application needs access to the following packages to support the
-// session display functionality
+// session display functionality. These settings support the following
+// configurations:
+// - default CATALINA_HOME == CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME
  grant codeBase "file:${catalina.base}/webapps/manager/-" {
      permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
      permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
      permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
+};
+grant codeBase "file:${catalina.home}/webapps/manager/-" {
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
  };
  
  // You can assign additional permissions to particular web applications by
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml

index e496673..fdb5197 100644 (file)
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -30,7 +30,7 @@
      <author email="kkolinko@apache.org">Konstantin Kolinko</author>
      <author email="pero@apache.org">Peter Rossbach</author>
      <author email="kfujino@apache.org">Keiichi Fujino</author>
-    <author email="timw@apache.org">Tim Whittington</author>    
+    <author email="timw@apache.org">Tim Whittington</author>   
      <author email="mturk@apache.org">Mladen Turk</author>
      <author email="schultz@apache.org">Christopher Schultz</author>
      <author email="slaurent@apache.org">Sylvain Laurent</author>
@@ -69,6 +69,11 @@
          to make request data swallowing configurable for requests
          that are too large. (rjung)
        </add>
+      <fix>
+        <bug>50854</bug>: Add additional permissions required by the Manager
+        application when running under a security Manager and support a shared
+        Manager installation when $CATALINA_HOME != CATALINA_BASE. (markt)
+      </fix>
      </changelog>
    </subsection>
    <subsection name="Coyote">
author	markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
	Wed, 9 Mar 2011 11:38:38 +0000 (11:38 +0000)
committer	markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
	Wed, 9 Mar 2011 11:38:38 +0000 (11:38 +0000)
conf/catalina.policy		patch \| blob \| history
webapps/docs/changelog.xml		patch \| blob \| history