diff options
Diffstat (limited to 'servicegateway/deployment/src/main/release/conf/catalina.policy')
| -rw-r--r-- | servicegateway/deployment/src/main/release/conf/catalina.policy | 234 |
1 files changed, 0 insertions, 234 deletions
diff --git a/servicegateway/deployment/src/main/release/conf/catalina.policy b/servicegateway/deployment/src/main/release/conf/catalina.policy deleted file mode 100644 index 89f49d83..00000000 --- a/servicegateway/deployment/src/main/release/conf/catalina.policy +++ /dev/null @@ -1,234 +0,0 @@ -/* - * Copyright 2016 Huawei Technologies Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - - -// These permissions apply to javac -grant codeBase "file:${java.home}/lib/-" { - permission java.security.AllPermission; -}; - -// These permissions apply to all shared system extensions -grant codeBase "file:${java.home}/jre/lib/ext/-" { - permission java.security.AllPermission; -}; - -// These permissions apply to javac when ${java.home} points at $JAVA_HOME/jre -grant codeBase "file:${java.home}/../lib/-" { - permission java.security.AllPermission; -}; - -// These permissions apply to all shared system extensions when -// ${java.home} points at $JAVA_HOME/jre -grant codeBase "file:${java.home}/lib/ext/-" { - permission java.security.AllPermission; -}; - - -// ========== CATALINA CODE PERMISSIONS ======================================= - - -// These permissions apply to the daemon code -grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" { - permission java.security.AllPermission; -}; - -// These permissions apply to the logging API -// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home}, -// update this section accordingly. -// grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..} -grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { - permission java.io.FilePermission - "${java.home}${file.separator}lib${file.separator}logging.properties", "read"; - - permission java.io.FilePermission - "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read"; - permission java.io.FilePermission - "${catalina.base}${file.separator}logs", "read, write"; - permission java.io.FilePermission - "${catalina.base}${file.separator}logs${file.separator}*", "read, write"; - - permission java.lang.RuntimePermission "shutdownHooks"; - permission java.lang.RuntimePermission "getClassLoader"; - permission java.lang.RuntimePermission "setContextClassLoader"; - - permission java.util.logging.LoggingPermission "control"; - - permission java.util.PropertyPermission "java.util.logging.config.class", "read"; - permission java.util.PropertyPermission "java.util.logging.config.file", "read"; - permission java.util.PropertyPermission "org.apache.juli.ClassLoaderLogManager.debug", "read"; - permission java.util.PropertyPermission "catalina.base", "read"; - - // Note: To enable per context logging configuration, permit read access to - // the appropriate file. Be sure that the logging configuration is - // secure before enabling such access. - // E.g. for the examples web application (uncomment and unwrap - // the following to be on a single line): - // permission java.io.FilePermission "${catalina.base}${file.separator} - // webapps${file.separator}examples${file.separator}WEB-INF - // ${file.separator}classes${file.separator}logging.properties", "read"; -}; - -// These permissions apply to the server startup code -grant codeBase "file:${catalina.home}/bin/bootstrap.jar" { - permission java.security.AllPermission; -}; - -// These permissions apply to the servlet API classes -// and those that are shared across all class loaders -// located in the "lib" directory -grant codeBase "file:${catalina.home}/lib/-" { - permission java.security.AllPermission; -}; - - -// If using a per instance lib directory, i.e. ${catalina.base}/lib, -// then the following permission will need to be uncommented -// grant codeBase "file:${catalina.base}/lib/-" { -// permission java.security.AllPermission; -// }; - - -// ========== WEB APPLICATION PERMISSIONS ===================================== - - -// These permissions are granted by default to all web applications -// In addition, a web application will be given a read FilePermission -// and JndiPermission for all files and directories in its document root. -grant { - // Required for JNDI lookup of named JDBC DataSource's and - // javamail named MimePart DataSource used to send mail - permission java.util.PropertyPermission "java.home", "read"; - permission java.util.PropertyPermission "java.naming.*", "read"; - permission java.util.PropertyPermission "javax.sql.*", "read"; - - // OS Specific properties to allow read access - permission java.util.PropertyPermission "os.name", "read"; - permission java.util.PropertyPermission "os.version", "read"; - permission java.util.PropertyPermission "os.arch", "read"; - permission java.util.PropertyPermission "file.separator", "read"; - permission java.util.PropertyPermission "path.separator", "read"; - permission java.util.PropertyPermission "line.separator", "read"; - - // JVM properties to allow read access - permission java.util.PropertyPermission "java.version", "read"; - permission java.util.PropertyPermission "java.vendor", "read"; - permission java.util.PropertyPermission "java.vendor.url", "read"; - permission java.util.PropertyPermission "java.class.version", "read"; - permission java.util.PropertyPermission "java.specification.version", "read"; - permission java.util.PropertyPermission "java.specification.vendor", "read"; - permission java.util.PropertyPermission "java.specification.name", "read"; - - permission java.util.PropertyPermission "java.vm.specification.version", "read"; - permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; - permission java.util.PropertyPermission "java.vm.specification.name", "read"; - permission java.util.PropertyPermission "java.vm.version", "read"; - permission java.util.PropertyPermission "java.vm.vendor", "read"; - permission java.util.PropertyPermission "java.vm.name", "read"; - - // Required for OpenJMX - permission java.lang.RuntimePermission "getAttribute"; - - // Allow read of JAXP compliant XML parser debug - permission java.util.PropertyPermission "jaxp.debug", "read"; - - // All JSPs need to be able to read this package - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat"; - - // Precompiled JSPs need access to these packages. - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime"; - permission java.lang.RuntimePermission - "accessClassInPackage.org.apache.jasper.runtime.*"; - - // Precompiled JSPs need access to these system properties. - permission java.util.PropertyPermission - "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read"; - permission java.util.PropertyPermission - "org.apache.el.parser.COERCE_TO_ZERO", "read"; - - // The cookie code needs these. - permission java.util.PropertyPermission - "org.apache.catalina.STRICT_SERVLET_COMPLIANCE", "read"; - permission java.util.PropertyPermission - "org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING", "read"; - permission java.util.PropertyPermission - "org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR", "read"; - - // Applications using Comet need to be able to access this package - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.comet"; - - // Applications using the legacy WebSocket implementation need to be able to access this package - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.websocket"; - - // Applications using the JSR-356 WebSocket implementation need to be able to access these packages - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket.server"; -}; - - -// The Manager application needs access to the following packages to support the -// session display functionality. These settings support the following -// configurations: -// - default CATALINA_HOME == CATALINA_BASE -// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE -// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME -grant codeBase "file:${catalina.base}/webapps/manager/-" { - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util"; -}; -grant codeBase "file:${catalina.home}/webapps/manager/-" { - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util"; - permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util"; -}; - -// You can assign additional permissions to particular web applications by -// adding additional "grant" entries here, based on the code base for that -// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files. -// -// Different permissions can be granted to JSP pages, classes loaded from -// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/ -// directory, or even to individual jar files in the /WEB-INF/lib/ directory. -// -// For instance, assume that the standard "examples" application -// included a JDBC driver that needed to establish a network connection to the -// corresponding database and used the scrape taglib to get the weather from -// the NOAA web server. You might create a "grant" entries like this: -// -// The permissions granted to the context root directory apply to JSP pages. -// grant codeBase "file:${catalina.base}/webapps/examples/-" { -// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; -// permission java.net.SocketPermission "*.noaa.gov:80", "connect"; -// }; -// -// The permissions granted to the context WEB-INF/classes directory -// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" { -// }; -// -// The permission granted to your JDBC driver -// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" { -// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; -// }; -// The permission granted to the scrape taglib -// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" { -// permission java.net.SocketPermission "*.noaa.gov:80", "connect"; -// }; - |