diff options
author | yufei_zhou <yufei.zhou@nokia-sbell.com> | 2017-10-23 19:35:12 +0800 |
---|---|---|
committer | yufei_zhou <yufei.zhou@nokia-sbell.com> | 2017-10-23 19:35:12 +0800 |
commit | c6656665846db4f383a6d5a639a368ed870723d3 (patch) | |
tree | f63e76066ed790cbd09f77da56525173a5da9225 | |
parent | 79fa2b97246072150ccff122ae12a86c7359b13a (diff) |
provide tomcat conf files
Change-Id: Ic162365419ebf483033f05d37e366b5ca89c1692
Issue-ID: VFC-544
Signed-off-by: yufei_zhou <yufei.zhou@nokia-sbell.com>
10 files changed, 41 insertions, 175 deletions
diff --git a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/catalina.policy b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/catalina.policy index a48a027f..9f991047 100644 --- a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/catalina.policy +++ b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/catalina.policy @@ -14,7 +14,7 @@ // limitations under the License. // ============================================================================ -// catalina.policy - Security Policy Permissions for Tomcat +// catalina.policy - Security Policy Permissions for Tomcat 7 // // This file contains a default set of security policies to be enforced (by the // JVM) when Catalina is executed with the "-security" option. In addition @@ -59,10 +59,7 @@ grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" { permission java.security.AllPermission; }; -// These permissions apply to the logging API -// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home}, -// update this section accordingly. -// grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..} + grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { permission java.io.FilePermission "${java.home}${file.separator}lib${file.separator}logging.properties", "read"; @@ -78,26 +75,14 @@ grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { permission java.lang.RuntimePermission "getClassLoader"; permission java.lang.RuntimePermission "setContextClassLoader"; - permission java.lang.management.ManagementPermission "monitor"; - permission java.util.logging.LoggingPermission "control"; permission java.util.PropertyPermission "java.util.logging.config.class", "read"; permission java.util.PropertyPermission "java.util.logging.config.file", "read"; - permission java.util.PropertyPermission "org.apache.juli.AsyncLoggerPollInterval", "read"; - permission java.util.PropertyPermission "org.apache.juli.AsyncMaxRecordCount", "read"; - permission java.util.PropertyPermission "org.apache.juli.AsyncOverflowDropType", "read"; permission java.util.PropertyPermission "org.apache.juli.ClassLoaderLogManager.debug", "read"; permission java.util.PropertyPermission "catalina.base", "read"; - // Note: To enable per context logging configuration, permit read access to - // the appropriate file. Be sure that the logging configuration is - // secure before enabling such access. - // E.g. for the examples web application (uncomment and unwrap - // the following to be on a single line): - // permission java.io.FilePermission "${catalina.base}${file.separator} - // webapps${file.separator}examples${file.separator}WEB-INF - // ${file.separator}classes${file.separator}logging.properties", "read"; + }; // These permissions apply to the server startup code @@ -113,19 +98,13 @@ grant codeBase "file:${catalina.home}/lib/-" { }; -// If using a per instance lib directory, i.e. ${catalina.base}/lib, -// then the following permission will need to be uncommented -// grant codeBase "file:${catalina.base}/lib/-" { -// permission java.security.AllPermission; -// }; - // ========== WEB APPLICATION PERMISSIONS ===================================== // These permissions are granted by default to all web applications // In addition, a web application will be given a read FilePermission -// for all files and directories in its document root. +// and JndiPermission for all files and directories in its document root. grant { // Required for JNDI lookup of named JDBC DataSource's and // javamail named MimePart DataSource used to send mail @@ -189,7 +168,10 @@ grant { // Applications using Comet need to be able to access this package permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.comet"; - // Applications using WebSocket need to be able to access these packages + // Applications using the legacy WebSocket implementation need to be able to access this package + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.websocket"; + + // Applications using the JSR-356 WebSocket implementation need to be able to access these packages permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket.server"; }; @@ -228,23 +210,3 @@ grant codeBase "file:${catalina.home}/webapps/manager/-" { // included a JDBC driver that needed to establish a network connection to the // corresponding database and used the scrape taglib to get the weather from // the NOAA web server. You might create a "grant" entries like this: -// -// The permissions granted to the context root directory apply to JSP pages. -// grant codeBase "file:${catalina.base}/webapps/examples/-" { -// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; -// permission java.net.SocketPermission "*.noaa.gov:80", "connect"; -// }; -// -// The permissions granted to the context WEB-INF/classes directory -// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" { -// }; -// -// The permission granted to your JDBC driver -// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" { -// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; -// }; -// The permission granted to the scrape taglib -// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" { -// permission java.net.SocketPermission "*.noaa.gov:80", "connect"; -// }; - diff --git a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/catalina.properties b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/catalina.properties index 830b29a3..a2393bb4 100644 --- a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/catalina.properties +++ b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/catalina.properties @@ -19,7 +19,8 @@ # passed to checkPackageAccess unless the # corresponding RuntimePermission ("accessClassInPackage."+package) has # been granted. -package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,org.apache.tomcat. +package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,\ +org.apache.naming.resources.,org.apache.tomcat. # # List of comma-separated packages that start with or equal this string # will cause a security exception to be thrown when @@ -45,12 +46,7 @@ org.apache.jasper.,org.apache.naming.,org.apache.tomcat. # "foo/*.jar": Add all the JARs of the specified folder as class # repositories # "foo/bar.jar": Add bar.jar as a class repository -# -# Note: Values are enclosed in double quotes ("...") in case either the -# ${catalina.base} path or the ${catalina.home} path contains a comma. -# Because double quotes are used for quoting, the double quote character -# may not appear in a path. -common.loader="${catalina.base}/lib","${catalina.base}/lib/*.jar","${catalina.home}/lib","${catalina.home}/lib/*.jar" +common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar # # List of comma-separated paths defining the contents of the "server" @@ -63,11 +59,6 @@ common.loader="${catalina.base}/lib","${catalina.base}/lib/*.jar","${catalina.ho # "foo/*.jar": Add all the JARs of the specified folder as class # repositories # "foo/bar.jar": Add bar.jar as a class repository -# -# Note: Values may be enclosed in double quotes ("...") in case either the -# ${catalina.base} path or the ${catalina.home} path contains a comma. -# Because double quotes are used for quoting, the double quote character -# may not appear in a path. server.loader= # @@ -82,21 +73,15 @@ server.loader= # "foo/bar.jar": Add bar.jar as a class repository # Please note that for single jars, e.g. bar.jar, you need the URL form # starting with file:. -# -# Note: Values may be enclosed in double quotes ("...") in case either the -# ${catalina.base} path or the ${catalina.home} path contains a comma. -# Because double quotes are used for quoting, the double quote character -# may not appear in a path. shared.loader= -# Default list of JAR files that should not be scanned using the JarScanner +# List of JAR files that should not be scanned using the JarScanner # functionality. This is typically used to scan JARs for configuration # information. JARs that do not contain such information may be excluded from # the scan to speed up the scanning process. This is the default list. JARs on -# this list are excluded from all scans. The list must be a comma separated list -# of JAR file names. -# The list of JARs to skip may be over-ridden at a Context level for individual -# scan types by configuring a JarScanner with a nested JarScanFilter. +# this list are excluded from all scans. Scan specific lists (to exclude JARs +# from individual scans) follow this. The list must be a comma separated list of +# JAR file names. # The JARs listed below include: # - Tomcat Bootstrap JARs # - Tomcat API JARs @@ -105,14 +90,13 @@ shared.loader= # - Tomcat JARs # - Common non-Tomcat JARs # - Test JARs (JUnit, Cobertura and dependencies) -tomcat.util.scan.StandardJarScanFilter.jarsToSkip=\ +tomcat.util.scan.DefaultJarScanner.jarsToSkip=\ bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\ annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\ -catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-storeconfig.jar,\ -catalina-tribes.jar,\ +catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-tribes.jar,\ jasper.jar,jasper-el.jar,ecj-*.jar,\ -tomcat-api.jar,tomcat-util.jar,tomcat-util-scan.jar,tomcat-coyote.jar,\ -tomcat-dbcp.jar,tomcat-jni.jar,tomcat-websocket.jar,\ +tomcat-api.jar,tomcat-util.jar,tomcat-coyote.jar,tomcat-dbcp.jar,\ +tomcat-jni.jar,tomcat-spdy.jar,\ tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\ tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\ tomcat-jdbc.jar,\ @@ -121,26 +105,26 @@ commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\ commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\ commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\ commons-math*.jar,commons-pool*.jar,\ -jstl.jar,taglibs-standard-spec-*.jar,\ +jstl.jar,\ geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\ ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\ -jmx-tools.jar,jta*.jar,log4j*.jar,mail*.jar,slf4j*.jar,\ +jmx-tools.jar,jta*.jar,log4j.jar,log4j-1*.jar,mail*.jar,slf4j*.jar,\ xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\ -junit.jar,junit-*.jar,ant-launcher.jar,\ +junit.jar,junit-*.jar,hamcrest*.jar,org.hamcrest*.jar,ant-launcher.jar,\ cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\ jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\ xom-*.jar -# Default list of JAR files that should be scanned that overrides the default -# jarsToSkip list above. This is typically used to include a specific JAR that -# has been excluded by a broad file name pattern in the jarsToSkip list. -# The list of JARs to scan may be over-ridden at a Context level for individual -# scan types by configuring a JarScanner with a nested JarScanFilter. -tomcat.util.scan.StandardJarScanFilter.jarsToScan=\ -log4j-core*.jar,log4j-taglib*.jar,log4javascript*.jar,slf4j-taglib*.jar +# Additional JARs (over and above the default JARs listed above) to skip when +# scanning for Servlet 3.0 pluggability features. These features include web +# fragments, annotations, SCIs and classes that match @HandlesTypes. The list +# must be a comma separated list of JAR file names. +org.apache.catalina.startup.ContextConfig.jarsToSkip= +# Additional JARs (over and above the default JARs listed above) to skip when +# scanning for TLDs. The list must be a comma separated list of JAR file names. +org.apache.catalina.startup.TldConfig.jarsToSkip=tomcat7-websocket.jar + +# # String cache configuration. tomcat.util.buf.StringCache.byte.enabled=true -#tomcat.util.buf.StringCache.char.enabled=true -#tomcat.util.buf.StringCache.trainThreshold=500000 -#tomcat.util.buf.StringCache.cacheSize=5000 diff --git a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/context.xml b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/context.xml index 98727cb7..64de61ff 100644 --- a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/context.xml +++ b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/context.xml @@ -1,4 +1,4 @@ -<?xml version='1.0' encoding='utf-8'?> +<?xml version="1.0" encoding="UTF-8"?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with @@ -27,10 +27,4 @@ <!-- <Manager pathname="" /> --> - - <!-- Uncomment this to enable Comet connection tacking (provides events - on session expiration as well as webapp lifecycle) --> - <!-- - <Valve className="org.apache.catalina.valves.CometConnectionManagerValve" /> - --> </Context> diff --git a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/jaspic-providers.xml b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/jaspic-providers.xml deleted file mode 100644 index cdebf872..00000000 --- a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/jaspic-providers.xml +++ /dev/null @@ -1,23 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<jaspic-providers xmlns="http://tomcat.apache.org/xml" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://tomcat.apache.org/xml jaspic-providers.xsd" - version="1.0"> - <!-- No JASPIC providers configured by default --> -</jaspic-providers> diff --git a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/jaspic-providers.xsd b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/jaspic-providers.xsd deleted file mode 100644 index 73a87aa2..00000000 --- a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/jaspic-providers.xsd +++ /dev/null @@ -1,53 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<xs:schema xmlns="http://www.w3.org/2001/XMLSchema" - targetNamespace="http://tomcat.apache.org/xml" - xmlns:jaspic="http://tomcat.apache.org/xml" - xmlns:xs="http://www.w3.org/2001/XMLSchema" - elementFormDefault="qualified" - attributeFormDefault="unqualified" - version="1.0"> - <xs:element name="jaspic-providers"> - <xs:complexType> - <xs:sequence> - <xs:element name="provider" minOccurs="0" maxOccurs="unbounded"> - <xs:complexType> - <xs:sequence> - <xs:element name="property" minOccurs="0" maxOccurs="unbounded"> - <xs:complexType> - <xs:attribute name="name" use="required" type="jaspic:propertyname" /> - <xs:attribute name="value" use="required" type="xs:string" /> - </xs:complexType> - </xs:element> - </xs:sequence> - <xs:attribute name="className" use="required" type="xs:string" /> - <xs:attribute name="layer" use="required" type="xs:string" /> - <xs:attribute name="appContext" use="required" type="xs:string" /> - <xs:attribute name="description" type="xs:string" /> - </xs:complexType> - </xs:element> - </xs:sequence> - <xs:attribute name="version" type="xs:string" /> - </xs:complexType> - </xs:element> - <xs:simpleType name="propertyname"> - <xs:restriction base="xs:string"> - <xs:minLength value="1"/> - </xs:restriction> - </xs:simpleType> -</xs:schema>
\ No newline at end of file diff --git a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/logging.properties b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/logging.properties index cb5ed661..a2ad9c27 100644 --- a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/logging.properties +++ b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/logging.properties @@ -62,3 +62,9 @@ org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].ha # To see debug messages in TldLocationsCache, uncomment the following line: #org.apache.jasper.compiler.TldLocationsCache.level = FINE + +# To see debug messages for HTTP/2 handling, uncomment the following line: +#org.apache.coyote.http2.level = FINE + +# To see debug messages for WebSocket handling, uncomment the following line: +#org.apache.tomcat.websocket.level = FINE diff --git a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/server.p12 b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/server.p12 Binary files differnew file mode 100644 index 00000000..5bc1b7a9 --- /dev/null +++ b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/server.p12 diff --git a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/trust.jks b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/trust.jks Binary files differnew file mode 100644 index 00000000..30b62ce8 --- /dev/null +++ b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/trust.jks diff --git a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/web.xml b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/web.xml index c98ff28c..793a8a88 100644 --- a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/web.xml +++ b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/web.xml @@ -1,4 +1,4 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> +<?xml version="1.0" encoding="UTF-8"?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with @@ -238,9 +238,6 @@ <!-- attribute values, should the rules in JSP.1.6 --> <!-- for the escaping of quote characters be --> <!-- strictly applied? [true] --> - <!-- The default can be changed with the --> - <!-- org.apache.jasper.compiler.Parser. --> - <!-- STRICT_QUOTE_ESCAPING system property. --> <!-- --> <!-- quoteAttributeEL When EL is used in an attribute value on a --> <!-- JSP page should the rules for quoting of --> diff --git a/nokia/vnfmdriver/vfcadaptorservice/docker/docker-entrypoint.sh b/nokia/vnfmdriver/vfcadaptorservice/docker/docker-entrypoint.sh index 8a2fab86..92a16283 100755 --- a/nokia/vnfmdriver/vfcadaptorservice/docker/docker-entrypoint.sh +++ b/nokia/vnfmdriver/vfcadaptorservice/docker/docker-entrypoint.sh @@ -43,8 +43,7 @@ echo ./instance-config.sh # Start mysql -# su mysql -c /usr/bin/mysqld_safe & -service mysql start +su mysql -c /usr/bin/mysqld_safe & # Perform one-time config if [ ! -e init.log ]; then |