From: kkolinko Date: Wed, 18 Nov 2009 03:00:57 +0000 (+0000) Subject: Wrapped long lines. As the text of this file is copy-pasted into security-manager... X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=bc8362e6abb6f0914c894245516285c81a23c806;p=tomcat7.0 Wrapped long lines. As the text of this file is copy-pasted into security-manager-howto.html, it will make it more readable. Added a comment regarding tomcat-juli.jar git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@881654 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/conf/catalina.policy b/conf/catalina.policy index 2db96a197..175dd5e38 100644 --- a/conf/catalina.policy +++ b/conf/catalina.policy @@ -62,22 +62,32 @@ grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" { }; // These permissions apply to the logging API +// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home}, +// update this section accordingly. grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { permission java.util.PropertyPermission "java.util.logging.config.class", "read"; permission java.util.PropertyPermission "java.util.logging.config.file", "read"; permission java.util.PropertyPermission "catalina.base", "read"; - permission java.io.FilePermission "${java.home}${file.separator}lib${file.separator}logging.properties", "read"; - permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read"; - permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write"; - permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write"; + permission java.io.FilePermission + "${java.home}${file.separator}lib${file.separator}logging.properties", "read"; + permission java.io.FilePermission + "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read"; + permission java.io.FilePermission + "${catalina.base}${file.separator}logs", "read, write"; + permission java.io.FilePermission + "${catalina.base}${file.separator}logs${file.separator}*", "read, write"; permission java.lang.RuntimePermission "shutdownHooks"; permission java.lang.RuntimePermission "getClassLoader"; permission java.lang.RuntimePermission "setContextClassLoader"; permission java.util.logging.LoggingPermission "control"; - // To enable per context logging configuration, permit read access to the appropriate file. - // Be sure that the logging configuration is secure before enabling such access. - // E.g. for the examples web application: - // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read"; + + // To enable per context logging configuration, permit read access to + // the appropriate file. Be sure that the logging configuration is + // secure before enabling such access. E.g. for the examples web + // application: + // permission java.io.FilePermission "${catalina.base}${file.separator} + // webapps${file.separator}examples${file.separator} + // WEB-INF${file.separator}classes${file.separator}logging.properties", "read"; }; // These permissions apply to the server startup code @@ -142,11 +152,14 @@ grant { // Precompiled JSPs need access to these packages. permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*"; + permission java.lang.RuntimePermission + "accessClassInPackage.org.apache.jasper.runtime.*"; // Precompiled JSPs need access to these system properties. - permission java.util.PropertyPermission "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read"; - permission java.util.PropertyPermission "org.apache.el.parser.COERCE_TO_ZERO", "read"; + permission java.util.PropertyPermission + "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read"; + permission java.util.PropertyPermission + "org.apache.el.parser.COERCE_TO_ZERO", "read"; // Applications using Comet need to be able to access this package permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.comet";