source: nutchez-0.1/tomcat/webapps/docs/security-manager-howto.html @ 95

Last change on this file since 95 was 66, checked in by waue, 16 years ago

NutchEz - an easy way to nutch

File size: 30.0 KB
Line 
1<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat 6.0 - Security Manager HOW-TO</title><meta value="Glenn Nielsen" name="author"><meta value="glenn@voyager.apg.more.net" name="email"><meta value="Jean-Francois Arcand" name="author"><meta value="jeanfrancois.arcand@sun.com" name="email"></head><body vlink="#525D76" alink="#525D76" link="#525D76" text="#000000" bgcolor="#ffffff"><table cellspacing="0" width="100%" border="0"><!--PAGE HEADER--><tr><td><!--PROJECT LOGO--><a href="http://tomcat.apache.org/"><img border="0" alt="
2      The Apache Tomcat Servlet/JSP Container
3    " align="right" src="./images/tomcat.gif"></a></td><td><font face="arial,helvetica,sanserif"><h1>Apache Tomcat 6.0</h1></font></td><td><!--APACHE LOGO--><a href="http://www.apache.org/"><img border="0" alt="Apache Logo" align="right" src="./images/asf-logo.gif"></a></td></tr></table><table cellspacing="4" width="100%" border="0"><!--HEADER SEPARATOR--><tr><td colspan="2"><hr size="1" noshade></td></tr><tr><!--LEFT SIDE NAVIGATION--><td nowrap="true" valign="top" width="20%"><p><strong>Links</strong></p><ul><li><a href="index.html">Docs Home</a></li><li><a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a></li></ul><p><strong>User Guide</strong></p><ul><li><a href="introduction.html">1) Introduction</a></li><li><a href="setup.html">2) Setup</a></li><li><a href="appdev/index.html">3) First webapp</a></li><li><a href="deployer-howto.html">4) Deployer</a></li><li><a href="manager-howto.html">5) Manager</a></li><li><a href="realm-howto.html">6) Realms and AAA</a></li><li><a href="security-manager-howto.html">7) Security Manager</a></li><li><a href="jndi-resources-howto.html">8) JNDI Resources</a></li><li><a href="jndi-datasource-examples-howto.html">9) JDBC DataSources</a></li><li><a href="class-loader-howto.html">10) Classloading</a></li><li><a href="jasper-howto.html">11) JSPs</a></li><li><a href="ssl-howto.html">12) SSL</a></li><li><a href="ssi-howto.html">13) SSI</a></li><li><a href="cgi-howto.html">14) CGI</a></li><li><a href="proxy-howto.html">15) Proxy Support</a></li><li><a href="mbeans-descriptor-howto.html">16) MBean Descriptor</a></li><li><a href="default-servlet.html">17) Default Servlet</a></li><li><a href="cluster-howto.html">18) Clustering</a></li><li><a href="balancer-howto.html">19) Load Balancer</a></li><li><a href="connectors.html">20) Connectors</a></li><li><a href="monitoring.html">21) Monitoring and Management</a></li><li><a href="logging.html">22) Logging</a></li><li><a href="apr.html">23) APR/Native</a></li><li><a href="virtual-hosting-howto.html">24) Virtual Hosting</a></li><li><a href="aio.html">25) Advanced IO</a></li><li><a href="extras.html">26) Additional Components</a></li><li><a href="maven-jars.html">27) Mavenized</a></li></ul><p><strong>Reference</strong></p><ul><li><a href="RELEASE-NOTES.txt">Release Notes</a></li><li><a href="config/index.html">Configuration</a></li><li><a href="api/index.html">Javadocs</a></li><li><a href="http://tomcat.apache.org/connectors-doc/">JK 1.2 Documentation</a></li></ul><p><strong>Apache Tomcat Development</strong></p><ul><li><a href="building.html">Building</a></li><li><a href="changelog.html">Changelog</a></li><li><a href="http://wiki.apache.org/tomcat/TomcatVersions">Status</a></li><li><a href="developers.html">Developers</a></li><li><a href="architecture/index.html">Architecture</a></li><li><a href="funcspecs/index.html">Functional Specs.</a></li></ul></td><!--RIGHT SIDE MAIN BODY--><td align="left" valign="top" width="80%"><table cellspacing="4" width="100%" border="0"><tr><td valign="top" align="left"><h1>Apache Tomcat 6.0</h1><h2>Security Manager HOW-TO</h2></td><td nowrap="true" valign="top" align="right"><small><a href="printer/security-manager-howto.html"><img alt="Printer Friendly Version" border="0" src="./images/printer.gif"><br>print-friendly<br>version
4                    </a></small></td></tr></table><table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#525D76"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Background"><strong>Background</strong></a></font></td></tr><tr><td><blockquote>
5
6  <p>The Java <strong>SecurityManager</strong> is what allows a web browser
7  to run an applet in its own sandbox to prevent untrusted code from
8  accessing files on the local file system, connecting to a host other
9  than the one the applet was loaded from, and so on.  In the same way
10  the SecurityManager protects you from an untrusted applet running in
11  your browser, use of a SecurityManager while running Tomcat can protect
12  your server from trojan servlets, JSPs, JSP beans, and tag libraries.
13  Or even inadvertent mistakes.</p>
14
15  <p>Imagine if someone who is authorized to publish JSPs on your site
16  inadvertently included the following in their JSP:</p>
17<div align="left"><table border="0" cellpadding="0" cellspacing="4"><tr><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr><tr><td width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#ffffff"><pre>
18&lt;% System.exit(1); %&gt;
19</pre></td><td width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr><tr><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr></table></div>
20
21  <p>Every time this JSP was executed by Tomcat, Tomcat would exit.
22  Using the Java SecurityManager is just one more line of defense a
23  system administrator can use to keep the server secure and reliable.</p>
24
25  <p><strong>WARNING</strong> - A security audit
26  have been conducted using the Tomcat 6 codebase. Most of the critical
27  package have been protected and a new security package protection mechanism
28  has been implemented. Still, make sure that you are satisfied with your SecurityManager
29  configuration before allowing untrusted users to publish web applications,
30  JSPs, servlets, beans, or tag libraries.  <strong>However, running with a
31  SecurityManager is definitely better than running without one.</strong></p>
32
33</blockquote></td></tr></table><table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#525D76"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Permissions"><strong>Permissions</strong></a></font></td></tr><tr><td><blockquote>
34
35  <p>Permission classes are used to define what Permissions a class loaded
36  by Tomcat will have.  There are a number of Permission classes that are
37  a standard part of the JDK, and you can create your own Permission class
38  for use in your own web applications.  Both techniques are used in
39  Tomcat 6.</p>
40
41
42  <table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#828DA6"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Standard Permissions"><strong>Standard Permissions</strong></a></font></td></tr><tr><td><blockquote>
43
44    <p>This is just a short summary of the standard system SecurityManager
45    Permission classes applicable to Tomcat.  See
46    <a href="http://java.sun.com/security/">http://java.sun.com/security/</a>
47    for more information.</p>
48
49    <ul>
50    <li><strong>java.util.PropertyPermission</strong> - Controls read/write
51        access to JVM properties such as <code>java.home</code>.</li>
52    <li><strong>java.lang.RuntimePermission</strong> - Controls use of
53        some System/Runtime functions like <code>exit()</code> and
54        <code>exec()</code>. Also control the package access/definition.</li>
55    <li><strong>java.io.FilePermission</strong> - Controls read/write/execute
56        access to files and directories.</li>
57    <li><strong>java.net.SocketPermission</strong> - Controls use of
58        network sockets.</li>
59    <li><strong>java.net.NetPermission</strong> - Controls use of
60        multicast network connections.</li>
61    <li><strong>java.lang.reflect.ReflectPermission</strong> - Controls
62        use of reflection to do class introspection.</li>
63    <li><strong>java.security.SecurityPermission</strong> - Controls access
64        to Security methods.</li>
65    <li><strong>java.security.AllPermission</strong> - Allows access to all
66        permissions, just as if you were running Tomcat without a
67        SecurityManager.</li>
68    </ul>
69
70  </blockquote></td></tr></table>
71
72
73  <table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#828DA6"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Tomcat Custom Permissions"><strong>Tomcat Custom Permissions</strong></a></font></td></tr><tr><td><blockquote>
74
75    <p>Tomcat utilizes a custom permission class called
76    <strong>org.apache.naming.JndiPermission</strong>.  This permission
77    controls read access to JNDI named file based resources.  The permission
78    name is the JNDI name and there are no actions.  A trailing "*" can be
79    used to do wild card matching for a JNDI named file resource when
80    granting permission.  For example, you might include the following
81    in your policy file:</p>
82<div align="left"><table border="0" cellpadding="0" cellspacing="4"><tr><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr><tr><td width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#ffffff"><pre>
83permission  org.apache.naming.JndiPermission  "jndi://localhost/examples/*";
84</pre></td><td width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr><tr><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr></table></div>
85
86    <p>A Permission entry like this is generated dynamically for each web
87    application that is deployed, to allow it to read its own static resources
88    but disallow it from using file access to read any other files (unless
89    permissions for those files are explicitly granted).</p>
90
91    <p>Also, Tomcat always dynamically creates the following file permission:</p>
92<div align="left"><table border="0" cellpadding="0" cellspacing="4"><tr><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr><tr><td width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#ffffff"><pre> 
93permission java.io.FilePermission "** your application context**", "read";
94</pre></td><td width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr><tr><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr></table></div> 
95    <p>Where **your application context** equals the folder(or WAR file) under which
96    your application has been deployed. </p> 
97
98  </blockquote></td></tr></table>
99
100
101</blockquote></td></tr></table><table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#525D76"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Configuring Tomcat With A SecurityManager"><strong>Configuring Tomcat With A SecurityManager</strong></a></font></td></tr><tr><td><blockquote>
102
103  <h3>Policy File Format</h3>
104
105  <p>The security policies implemented by the Java SecurityManager are
106  configured in the <code>$CATALINA_BASE/conf/catalina.policy</code> file.
107  This file completely replaces the <code>java.policy</code> file present
108  in your JDK system directories.  The <code>catalina.policy</code> file
109  can be edited by hand, or you can use the
110  <a href="http://java.sun.com/products/jdk/1.2/docs/tooldocs/solaris/policytool.html">policytool</a>
111  application that comes with Java 1.2 or later.</p>
112
113  <p>Entries in the <code>catalina.policy</code> file use the standard
114  <code>java.policy</code> file format, as follows:</p>
115<div align="left"><table border="0" cellpadding="0" cellspacing="4"><tr><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr><tr><td width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#ffffff"><pre>
116// Example policy file entry
117
118grant [signedBy &lt;signer&gt;,] [codeBase &lt;code source&gt;] {
119  permission  &lt;class&gt;  [&lt;name&gt; [, &lt;action list&gt;]];
120};
121</pre></td><td width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr><tr><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr></table></div>
122
123  <p>The <strong>signedBy</strong> and <strong>codeBase</strong> entries are
124  optional when granting permissions.  Comment lines begin with "//" and
125  end at the end of the current line.  The <code>codeBase</code> is in the
126  form of a URL, and for a file URL can use the <code>${java.home}</code>
127  and <code>${catalina.home}</code> properties (which are expanded out to
128  the directory paths defined for them by the <code>JAVA_HOME</code>,
129  <code>CATALINA_HOME</code> and <code>CATALINA_BASE</code> environment
130  variables).</p>
131
132  <h3>The Default Policy File</h3>
133
134  <p>The default <code>$CATALINA_BASE/conf/catalina.policy</code> file
135  looks like this:</p>
136<div align="left"><table border="0" cellpadding="0" cellspacing="4"><tr><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr><tr><td width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#ffffff"><pre>
137// ============================================================================
138// catalina.corepolicy - Security Policy Permissions for Tomcat 6
139//
140// This file contains a default set of security policies to be enforced (by the
141// JVM) when Catalina is executed with the "-security" option.  In addition
142// to the permissions granted here, the following additional permissions are
143// granted to the codebase specific to each web application:
144//
145// * Read access to the document root directory
146//
147// $Id: security-manager-howto.xml 633912 2008-03-05 16:24:07Z jim $
148// ============================================================================
149
150
151// ========== SYSTEM CODE PERMISSIONS =========================================
152
153
154// These permissions apply to javac
155grant codeBase "file:${java.home}/lib/-" {
156        permission java.security.AllPermission;
157};
158
159// These permissions apply to all shared system extensions
160grant codeBase "file:${java.home}/jre/lib/ext/-" {
161        permission java.security.AllPermission;
162};
163
164// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
165grant codeBase "file:${java.home}/../lib/-" {
166        permission java.security.AllPermission;
167};
168
169// These permissions apply to all shared system extensions when
170// ${java.home} points at $JAVA_HOME/jre
171grant codeBase "file:${java.home}/lib/ext/-" {
172        permission java.security.AllPermission;
173};
174
175
176// ========== CATALINA CODE PERMISSIONS =======================================
177
178
179// These permissions apply to the daemon code
180grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
181        permission java.security.AllPermission;
182};
183
184// These permissions apply to the logging API
185grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
186        permission java.security.AllPermission;
187};
188
189// These permissions apply to the server startup code
190grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
191        permission java.security.AllPermission;
192};
193
194// These permissions apply to the servlet API classes
195// and those that are shared across all class loaders
196// located in the "lib" directory
197grant codeBase "file:${catalina.home}/lib/-" {
198        permission java.security.AllPermission;
199};
200
201
202// ========== WEB APPLICATION PERMISSIONS =====================================
203
204
205// These permissions are granted by default to all web applications
206// In addition, a web application will be given a read FilePermission
207// and JndiPermission for all files and directories in its document root.
208grant {
209    // Required for JNDI lookup of named JDBC DataSource's and
210    // javamail named MimePart DataSource used to send mail
211    permission java.util.PropertyPermission "java.home", "read";
212    permission java.util.PropertyPermission "java.naming.*", "read";
213    permission java.util.PropertyPermission "javax.sql.*", "read";
214
215    // OS Specific properties to allow read access
216    permission java.util.PropertyPermission "os.name", "read";
217    permission java.util.PropertyPermission "os.version", "read";
218    permission java.util.PropertyPermission "os.arch", "read";
219    permission java.util.PropertyPermission "file.separator", "read";
220    permission java.util.PropertyPermission "path.separator", "read";
221    permission java.util.PropertyPermission "line.separator", "read";
222
223    // JVM properties to allow read access
224    permission java.util.PropertyPermission "java.version", "read";
225    permission java.util.PropertyPermission "java.vendor", "read";
226    permission java.util.PropertyPermission "java.vendor.url", "read";
227    permission java.util.PropertyPermission "java.class.version", "read";
228  permission java.util.PropertyPermission "java.specification.version", "read";
229  permission java.util.PropertyPermission "java.specification.vendor", "read";
230  permission java.util.PropertyPermission "java.specification.name", "read";
231
232  permission java.util.PropertyPermission "java.vm.specification.version", "read";
233  permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
234  permission java.util.PropertyPermission "java.vm.specification.name", "read";
235  permission java.util.PropertyPermission "java.vm.version", "read";
236  permission java.util.PropertyPermission "java.vm.vendor", "read";
237  permission java.util.PropertyPermission "java.vm.name", "read";
238
239    // Required for OpenJMX
240    permission java.lang.RuntimePermission "getAttribute";
241
242  // Allow read of JAXP compliant XML parser debug
243  permission java.util.PropertyPermission "jaxp.debug", "read";
244
245    // Precompiled JSPs need access to this package.
246    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
247    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
248   
249};
250
251
252// You can assign additional permissions to particular web applications by
253// adding additional "grant" entries here, based on the code base for that
254// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
255//
256// Different permissions can be granted to JSP pages, classes loaded from
257// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
258// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
259//
260// For instance, assume that the standard "examples" application
261// included a JDBC driver that needed to establish a network connection to the
262// corresponding database and used the scrape taglib to get the weather from
263// the NOAA web server.  You might create a "grant" entries like this:
264//
265// The permissions granted to the context root directory apply to JSP pages.
266// grant codeBase "file:${catalina.home}/webapps/examples/-" {
267//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
268//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
269// };
270//
271// The permissions granted to the context WEB-INF/classes directory
272// grant codeBase "file:${catalina.home}/webapps/examples/WEB-INF/classes/-" {
273// };
274//
275// The permission granted to your JDBC driver
276// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
277//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
278// };
279// The permission granted to the scrape taglib
280// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
281//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
282// };
283</pre></td><td width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr><tr><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr></table></div>
284
285  <h3>Starting Tomcat With A SecurityManager</h3>
286
287  <p>Once you have configured the <code>catalina.policy</code> file for use
288  with a SecurityManager, Tomcat can be started with a SecurityManager in
289  place by using the "-security" option:</p>
290<div align="left"><table border="0" cellpadding="0" cellspacing="4"><tr><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr><tr><td width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#ffffff"><pre>
291$CATALINA_HOME/bin/catalina.sh start -security    (Unix)
292%CATALINA_HOME%\bin\catalina start -security      (Windows)
293</pre></td><td width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr><tr><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr></table></div>
294
295</blockquote></td></tr></table><table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#525D76"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Configuring Package Protection in Tomcat"><strong>Configuring Package Protection in Tomcat</strong></a></font></td></tr><tr><td><blockquote>
296  <p>Starting with Tomcat 5, it is now possible to configure which Tomcat
297  internal package are protected againts package definition and access. See
298  <a href="http://java.sun.com/security/seccodeguide.html">
299    http://java.sun.com/security/seccodeguide.html</a>
300    for more information.</p>   
301
302 
303  <p><strong>WARNING</strong>: Be aware that removing the default package protection
304  could possibly open a security hole</p>
305
306  <h3>The Default Properties File</h3>
307
308  <p>The default <code>$CATALINA_BASE/conf/catalina.properties</code> file
309  looks like this:</p>
310<div align="left"><table border="0" cellpadding="0" cellspacing="4"><tr><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr><tr><td width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#ffffff"><pre> 
311#
312# List of comma-separated packages that start with or equal this string
313# will cause a security exception to be thrown when
314# passed to checkPackageAccess unless the
315# corresponding RuntimePermission ("accessClassInPackage."+package) has
316# been granted.
317package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,
318org.apache.jasper.
319#
320# List of comma-separated packages that start with or equal this string
321# will cause a security exception to be thrown when
322# passed to checkPackageDefinition unless the
323# corresponding RuntimePermission ("defineClassInPackage."+package) has
324# been granted.
325#
326# by default, no packages are restricted for definition, and none of
327# the class loaders supplied with the JDK call checkPackageDefinition.
328#
329package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,
330org.apache.tomcat.,org.apache.jasper.
331</pre></td><td width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr><tr><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr></table></div>
332  <p>Once you have configured the <code>catalina.properties</code> file for use
333  with a SecurityManager, remember to re-start Tomcat.</p>
334</blockquote></td></tr></table><table cellpadding="2" cellspacing="0" border="0"><tr><td bgcolor="#525D76"><font face="arial,helvetica.sanserif" color="#ffffff"><a name="Troubleshooting"><strong>Troubleshooting</strong></a></font></td></tr><tr><td><blockquote>
335
336  <p>If your web application attempts to execute an operation that is
337  prohibited by lack of a required Permission, it will throw an
338  <code>AccessControLException</code> or a <code>SecurityException</code>
339  when the SecurityManager detects the violation.  Debugging the permission
340  that is missing can be challenging, and one option is to turn on debug
341  output of all security decisions that are made during execution.  This
342  is done by setting a system property before starting Tomcat.  The easiest
343  way to do this is via the <code>CATALINA_OPTS</code> environment variable.
344  Execute this command:</p>
345<div align="left"><table border="0" cellpadding="0" cellspacing="4"><tr><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr><tr><td width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#ffffff"><pre>
346export CATALINA_OPTS=-Djava.security.debug=all    (Unix)
347set CATALINA_OPTS=-Djava.security.debug=all       (Windows)
348</pre></td><td width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr><tr><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td><td height="1" width="1" bgcolor="#023264"><img border="0" hspace="0" vspace="0" height="1" width="1" src="./images/void.gif"></td></tr></table></div>
349
350  <p>before starting Tomcat.</p>
351
352  <p><strong>WARNING</strong> - This will generate <em>many megabytes</em>
353  of output!  However, it can help you track down problems by searching
354  for the word "FAILED" and determining which permission was being checked
355  for.  See the Java security documentation for more options that you can
356  specify here as well.</p>
357
358</blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td colspan="2"><hr size="1" noshade></td></tr><!--PAGE FOOTER--><tr><td colspan="2"><div align="center"><font size="-1" color="#525D76"><em>
359        Copyright &copy; 1999-2008, Apache Software Foundation
360        </em></font></div></td></tr></table></body></html>
Note: See TracBrowser for help on using the repository browser.