diff options
Diffstat (limited to 'nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/catalina.policy')
-rw-r--r-- | nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/catalina.policy | 54 |
1 files changed, 8 insertions, 46 deletions
diff --git a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/catalina.policy b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/catalina.policy index a48a027f..9f991047 100644 --- a/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/catalina.policy +++ b/nokia/vnfmdriver/vfcadaptorservice/deployment/src/main/release/conf/catalina.policy @@ -14,7 +14,7 @@ // limitations under the License. // ============================================================================ -// catalina.policy - Security Policy Permissions for Tomcat +// catalina.policy - Security Policy Permissions for Tomcat 7 // // This file contains a default set of security policies to be enforced (by the // JVM) when Catalina is executed with the "-security" option. In addition @@ -59,10 +59,7 @@ grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" { permission java.security.AllPermission; }; -// These permissions apply to the logging API -// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home}, -// update this section accordingly. -// grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..} + grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { permission java.io.FilePermission "${java.home}${file.separator}lib${file.separator}logging.properties", "read"; @@ -78,26 +75,14 @@ grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { permission java.lang.RuntimePermission "getClassLoader"; permission java.lang.RuntimePermission "setContextClassLoader"; - permission java.lang.management.ManagementPermission "monitor"; - permission java.util.logging.LoggingPermission "control"; permission java.util.PropertyPermission "java.util.logging.config.class", "read"; permission java.util.PropertyPermission "java.util.logging.config.file", "read"; - permission java.util.PropertyPermission "org.apache.juli.AsyncLoggerPollInterval", "read"; - permission java.util.PropertyPermission "org.apache.juli.AsyncMaxRecordCount", "read"; - permission java.util.PropertyPermission "org.apache.juli.AsyncOverflowDropType", "read"; permission java.util.PropertyPermission "org.apache.juli.ClassLoaderLogManager.debug", "read"; permission java.util.PropertyPermission "catalina.base", "read"; - // Note: To enable per context logging configuration, permit read access to - // the appropriate file. Be sure that the logging configuration is - // secure before enabling such access. - // E.g. for the examples web application (uncomment and unwrap - // the following to be on a single line): - // permission java.io.FilePermission "${catalina.base}${file.separator} - // webapps${file.separator}examples${file.separator}WEB-INF - // ${file.separator}classes${file.separator}logging.properties", "read"; + }; // These permissions apply to the server startup code @@ -113,19 +98,13 @@ grant codeBase "file:${catalina.home}/lib/-" { }; -// If using a per instance lib directory, i.e. ${catalina.base}/lib, -// then the following permission will need to be uncommented -// grant codeBase "file:${catalina.base}/lib/-" { -// permission java.security.AllPermission; -// }; - // ========== WEB APPLICATION PERMISSIONS ===================================== // These permissions are granted by default to all web applications // In addition, a web application will be given a read FilePermission -// for all files and directories in its document root. +// and JndiPermission for all files and directories in its document root. grant { // Required for JNDI lookup of named JDBC DataSource's and // javamail named MimePart DataSource used to send mail @@ -189,7 +168,10 @@ grant { // Applications using Comet need to be able to access this package permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.comet"; - // Applications using WebSocket need to be able to access these packages + // Applications using the legacy WebSocket implementation need to be able to access this package + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.websocket"; + + // Applications using the JSR-356 WebSocket implementation need to be able to access these packages permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket.server"; }; @@ -228,23 +210,3 @@ grant codeBase "file:${catalina.home}/webapps/manager/-" { // included a JDBC driver that needed to establish a network connection to the // corresponding database and used the scrape taglib to get the weather from // the NOAA web server. You might create a "grant" entries like this: -// -// The permissions granted to the context root directory apply to JSP pages. -// grant codeBase "file:${catalina.base}/webapps/examples/-" { -// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; -// permission java.net.SocketPermission "*.noaa.gov:80", "connect"; -// }; -// -// The permissions granted to the context WEB-INF/classes directory -// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" { -// }; -// -// The permission granted to your JDBC driver -// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" { -// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; -// }; -// The permission granted to the scrape taglib -// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" { -// permission java.net.SocketPermission "*.noaa.gov:80", "connect"; -// }; - |